From 69a76e9b4058f789269daab2549758c6afae6a7d Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:30:08 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/0xxx/CVE-2004-0112.json | 400 ++++++++++++++---------------
2004/0xxx/CVE-2004-0335.json | 150 +++++------
2004/0xxx/CVE-2004-0340.json | 150 +++++------
2004/0xxx/CVE-2004-0517.json | 150 +++++------
2004/0xxx/CVE-2004-0711.json | 150 +++++------
2004/0xxx/CVE-2004-0975.json | 210 +++++++--------
2004/1xxx/CVE-2004-1076.json | 180 ++++++-------
2004/1xxx/CVE-2004-1212.json | 150 +++++------
2004/1xxx/CVE-2004-1289.json | 130 +++++-----
2004/1xxx/CVE-2004-1391.json | 170 ++++++------
2004/1xxx/CVE-2004-1586.json | 140 +++++-----
2004/1xxx/CVE-2004-1865.json | 160 ++++++------
2008/2xxx/CVE-2008-2024.json | 160 ++++++------
2008/2xxx/CVE-2008-2625.json | 170 ++++++------
2008/3xxx/CVE-2008-3010.json | 190 +++++++-------
2008/3xxx/CVE-2008-3734.json | 180 ++++++-------
2008/3xxx/CVE-2008-3800.json | 210 +++++++--------
2008/3xxx/CVE-2008-3971.json | 180 ++++++-------
2008/6xxx/CVE-2008-6118.json | 160 ++++++------
2008/6xxx/CVE-2008-6430.json | 160 ++++++------
2008/6xxx/CVE-2008-6640.json | 140 +++++-----
2008/6xxx/CVE-2008-6653.json | 160 ++++++------
2008/6xxx/CVE-2008-6874.json | 150 +++++------
2013/2xxx/CVE-2013-2223.json | 190 +++++++-------
2013/2xxx/CVE-2013-2252.json | 34 +--
2013/2xxx/CVE-2013-2834.json | 140 +++++-----
2013/2xxx/CVE-2013-2982.json | 130 +++++-----
2017/11xxx/CVE-2017-11257.json | 160 ++++++------
2017/14xxx/CVE-2017-14091.json | 130 +++++-----
2017/14xxx/CVE-2017-14469.json | 122 ++++-----
2017/15xxx/CVE-2017-15167.json | 34 +--
2017/15xxx/CVE-2017-15845.json | 122 ++++-----
2017/8xxx/CVE-2017-8331.json | 34 +--
2017/9xxx/CVE-2017-9165.json | 120 ++++-----
2017/9xxx/CVE-2017-9573.json | 120 ++++-----
2017/9xxx/CVE-2017-9856.json | 140 +++++-----
2018/1000xxx/CVE-2018-1000426.json | 134 +++++-----
2018/12xxx/CVE-2018-12119.json | 34 +--
2018/12xxx/CVE-2018-12364.json | 372 +++++++++++++--------------
2018/12xxx/CVE-2018-12579.json | 130 +++++-----
2018/12xxx/CVE-2018-12760.json | 140 +++++-----
2018/13xxx/CVE-2018-13254.json | 34 +--
2018/13xxx/CVE-2018-13422.json | 120 ++++-----
2018/16xxx/CVE-2018-16098.json | 122 ++++-----
2018/16xxx/CVE-2018-16111.json | 34 +--
2018/16xxx/CVE-2018-16164.json | 150 +++++------
2018/16xxx/CVE-2018-16437.json | 130 +++++-----
2018/4xxx/CVE-2018-4067.json | 34 +--
2018/4xxx/CVE-2018-4730.json | 34 +--
2018/4xxx/CVE-2018-4824.json | 34 +--
2018/4xxx/CVE-2018-4875.json | 140 +++++-----
51 files changed, 3559 insertions(+), 3559 deletions(-)
diff --git a/2004/0xxx/CVE-2004-0112.json b/2004/0xxx/CVE-2004-0112.json
index 810004bb70e..2064a8fc3c9 100644
--- a/2004/0xxx/CVE-2004-0112.json
+++ b/2004/0xxx/CVE-2004-0112.json
@@ -1,202 +1,202 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107953412903636&w=2" - }, - { - "name" : "http://www.openssl.org/news/secadv_20040317.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20040317.txt" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "20040317 Cisco OpenSSL Implementation Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" - }, - { - "name" : "CLA-2004:834", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834" - }, - { - "name" : "GLSA-200403-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-03.xml" - }, - { - "name" : "MDKSA-2004:023", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" - }, - { - "name" : "NetBSD-SA2004-005", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" - }, - { - "name" : "RHSA-2004:120", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-120.html" - }, - { - "name" : "RHSA-2004:121", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-121.html" - }, - { - "name" : "SCOSA-2004.10", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" - }, - { - "name" : "SSA:2004-077", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961" - }, - { - "name" : "SuSE-SA:2004:007", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" - }, - { - "name" : "57524", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" - }, - { - "name" : "2004-0012", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0012" - }, - { - "name" : "SSRT4717", - "refsource" : 
"HP", - "url" : "http://marc.info/?l=bugtraq&m=108403806509920&w=2" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=61798", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=61798" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html" - }, - { - "name" : "TA04-078A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" - }, - { - "name" : "VU#484726", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/484726" - }, - { - "name" : "O-101", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-101.shtml" - }, - { - "name" : "9899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9899" - }, - { - "name" : "oval:org.mitre.oval:def:1049", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" - }, - { - "name" : "oval:org.mitre.oval:def:928", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" - }, - { - "name" : "oval:org.mitre.oval:def:9580", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" - }, - { - "name" : "11139", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11139" - }, - { - "name" : "openssl-kerberos-ciphersuites-dos(15508)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets 
during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9899" + }, + { + "name": "SSRT4717", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108403806509920&w=2" + }, + { + "name": "RHSA-2004:121", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html" + }, + { + "name": "MDKSA-2004:023", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" + }, + { + "name": "CLA-2004:834", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834" + }, + { + "name": "SCOSA-2004.10", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" + }, + { + "name": "57524", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" + }, + { + "name": "SuSE-SA:2004:007", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" + }, + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html" + }, + { + "name": "http://www.openssl.org/news/secadv_20040317.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20040317.txt" + }, + { + "name": "NetBSD-SA2004-005", + "refsource": "NETBSD", + "url": 
"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" + }, + { + "name": "O-101", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml" + }, + { + "name": "TA04-078A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" + }, + { + "name": "oval:org.mitre.oval:def:1049", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" + }, + { + "name": "openssl-kerberos-ciphersuites-dos(15508)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" + }, + { + "name": "VU#484726", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/484726" + }, + { + "name": "GLSA-200403-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:9580", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" + }, + { + "name": "11139", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11139" + }, + { + "name": "RHSA-2004:120", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html" + }, + { + "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107953412903636&w=2" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "SSA:2004-077", + "refsource": "SLACKWARE", + "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961" + }, + { + "name": "2004-0012", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0012" + }, + { + "name": "20040317 Cisco OpenSSL Implementation Vulnerability", + "refsource": "CISCO", + 
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=61798", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=61798" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:928", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0335.json b/2004/0xxx/CVE-2004-0335.json index 2db2ee39913..6b76cc0b331 100644 --- a/2004/0xxx/CVE-2004-0335.json +++ b/2004/0xxx/CVE-2004-0335.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LAN SUITE Web Mail 602Pro, when configured to use the \"Directory browsing\" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107799540630302&w=2" - }, - { - "name" : "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html" - }, - { - "name" : "602pro-directory-listing(15349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15349" - }, - { - "name" : "9780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "LAN SUITE Web Mail 602Pro, when configured to use the \"Directory browsing\" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html" + }, + { + "name": "9780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9780" + }, + { + "name": "602pro-directory-listing(15349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15349" + }, + { + "name": "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107799540630302&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0340.json b/2004/0xxx/CVE-2004-0340.json index 6ae1057876f..c5901ad4930 100644 --- a/2004/0xxx/CVE-2004-0340.json +++ b/2004/0xxx/CVE-2004-0340.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040228 Critical WFTPD buffer overflow vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107801208004699&w=2" - }, - { - "name" : "9767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9767" - }, - { - "name" : "11001", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11001" - }, - { - "name" : "wftpd-ftp-commands-bo(15340)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15340" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in 
WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wftpd-ftp-commands-bo(15340)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15340" + }, + { + "name": "11001", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11001" + }, + { + "name": "20040228 Critical WFTPD buffer overflow vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107801208004699&w=2" + }, + { + "name": "9767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9767" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0517.json b/2004/0xxx/CVE-2004-0517.json index 35960d985b3..66c3792581e 100644 --- a/2004/0xxx/CVE-2004-0517.json +++ b/2004/0xxx/CVE-2004-0517.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Mac OS X 10.3.4, related to \"handling of process IDs during package installation,\" a different vulnerability than CVE-2004-0516." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-05-28", - "refsource" : "APPLE", - "url" : "http://lists.seifried.org/pipermail/security/2004-May/003743.html" - }, - { - "name" : "10432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10432" - }, - { - "name" : "1010331", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010331" - }, - { - "name" : "macosx-package-installation(16290)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Mac OS X 10.3.4, related to \"handling of process IDs during package installation,\" a 
different vulnerability than CVE-2004-0516." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010331", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010331" + }, + { + "name": "APPLE-SA-2004-05-28", + "refsource": "APPLE", + "url": "http://lists.seifried.org/pipermail/security/2004-May/003743.html" + }, + { + "name": "macosx-package-installation(16290)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16290" + }, + { + "name": "10432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10432" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0711.json b/2004/0xxx/CVE-2004-0711.json index 8ec1c04a719..2dfb128487c 100644 --- a/2004/0xxx/CVE-2004-0711.json +++ b/2004/0xxx/CVE-2004-0711.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in \"*\" as wildcards as if they were the legal \"/*\" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#184558", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/184558" - }, - { - "name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp", - "refsource" : "CONFIRM", - "url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp" - }, - { - "name" : "weblogic-urlpattern-obtain-information(15927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15927" - }, - { - "name" : "10184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10184" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in \"*\" as wildcards as if they were the legal \"/*\" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10184" + }, + { + "name": "VU#184558", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/184558" + }, + { + "name": "weblogic-urlpattern-obtain-information(15927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15927" + }, + { + "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp", + "refsource": "CONFIRM", + "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0975.json b/2004/0xxx/CVE-2004-0975.json index 0f87fb58162..b86b96fb8f5 100644 --- a/2004/0xxx/CVE-2004-0975.json +++ b/2004/0xxx/CVE-2004-0975.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-603", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-603" - }, - { - "name" : "GLSA-200411-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml" - }, - { - "name" : "RHSA-2005:476", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-476.html" - }, - { - "name" : "2004-0050", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0050" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302" - }, - { - "name" : "11293", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/11293" - }, - { - "name" : "oval:org.mitre.oval:def:164", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164" - }, - { - "name" : "oval:org.mitre.oval:def:10621", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621" - }, - { - "name" : "12973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12973" - }, - { - "name" : "script-temporary-file-overwrite(17583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200411-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302" + }, + { + "name": "script-temporary-file-overwrite(17583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" + }, + { + "name": "2004-0050", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0050" + }, + { + "name": "oval:org.mitre.oval:def:164", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164" + }, + { + "name": "DSA-603", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-603" + }, + { + "name": "RHSA-2005:476", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-476.html" + }, + { + "name": "11293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11293" + }, + { + "name": "oval:org.mitre.oval:def:10621", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621" + }, + { + "name": "12973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12973" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1076.json b/2004/1xxx/CVE-2004-1076.json index 47812c58397..2eac1f26de6 100644 --- a/2004/1xxx/CVE-2004-1076.json +++ b/2004/1xxx/CVE-2004-1076.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041125 Atari800 - local root.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110142899319841&w=2" - }, - { - "name" : "20041126 Re: Atari800 - local root. 
(fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110149441815270&w=2" - }, - { - "name" : "DSA-609", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-609" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup" - }, - { - "name" : "11756", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11756" - }, - { - "name" : "12610", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12610" - }, - { - "name" : "13670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13670/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13670/" + }, + { + "name": "20041126 Re: Atari800 - local root. 
(fwd)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110149441815270&w=2" + }, + { + "name": "DSA-609", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-609" + }, + { + "name": "12610", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12610" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup" + }, + { + "name": "11756", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11756" + }, + { + "name": "20041125 Atari800 - local root.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110142899319841&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1212.json b/2004/1xxx/CVE-2004-1212.json index 505463351c1..b686e26a3a7 100644 --- a/2004/1xxx/CVE-2004-1212.json +++ b/2004/1xxx/CVE-2004-1212.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041202 Blog Torrent preview 0.8 - arbitary file download", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110200971917165&w=2" - }, - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7" - }, - { - "name" : "11795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11795" - }, - { - "name" : "blogtorrent-btdownloadphp-dir-traversal(18356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11795" + }, + { + "name": "blogtorrent-btdownloadphp-dir-traversal(18356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18356" + }, + { + "name": "20041202 Blog Torrent preview 0.8 - arbitary file download", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110200971917165&w=2" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1289.json b/2004/1xxx/CVE-2004-1289.json index 9623b40820c..12e3abd08d7 100644 --- a/2004/1xxx/CVE-2004-1289.json +++ b/2004/1xxx/CVE-2004-1289.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/pcal.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/pcal.txt" - }, - { - "name" : "pcal-getline-pcalutil-bo(18552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tigger.uic.edu/~jlongs2/holes/pcal.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/pcal.txt" + }, + { + "name": "pcal-getline-pcalutil-bo(18552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18552" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1391.json b/2004/1xxx/CVE-2004-1391.json index 17daa719860..ecb5990d4e1 100644 --- a/2004/1xxx/CVE-2004-1391.json +++ b/2004/1xxx/CVE-2004-1391.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html" - }, - { - "name" : "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt", - "refsource" : "MISC", - "url" : "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt" - }, - { - "name" : "VU#577566", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/577566" - }, - { - "name" : "11105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11105" - }, - { - "name" : "9661", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9661" - }, - { - "name" : "qnx-rtp-mount-command-execute(17284)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt", + "refsource": "MISC", + "url": "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt" + }, + { + "name": "11105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11105" + }, + { + "name": "9661", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9661" + }, + { + "name": "qnx-rtp-mount-command-execute(17284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17284" + }, + { + "name": "20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html" + }, + { + "name": "VU#577566", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/577566" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1586.json b/2004/1xxx/CVE-2004-1586.json index 744df817859..779156296f3 100644 --- a/2004/1xxx/CVE-2004-1586.json +++ b/2004/1xxx/CVE-2004-1586.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Flash Messaging clients can ignore disconnecting commands such as \"shutdown\" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041007 Server crash in Flash Messaging 5.2.0g", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109716787607302&w=2" - }, - { - "name" : "1011569", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011569" - }, - { - "name" : "12759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12759/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flash Messaging clients can ignore disconnecting commands such as \"shutdown\" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041007 Server crash in Flash Messaging 5.2.0g", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109716787607302&w=2" + }, + { + "name": "1011569", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011569" + }, + { + "name": "12759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12759/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1865.json b/2004/1xxx/CVE-2004-1865.json index 24cbc5f29a9..42f41fded09 100644 --- a/2004/1xxx/CVE-2004-1865.json +++ b/2004/1xxx/CVE-2004-1865.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040326 bblog 0.7.2 cross site scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108034226717745&w=2" - }, - { - "name" : "13397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13397" - }, - { - "name" : "10510", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10510" - }, - { - "name" : "1009564", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009564" - }, - { - "name" : "bblog-name-xss(15635)", - "refsource" : "XF", 
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bblog-name-xss(15635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15635" + }, + { + "name": "1009564", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009564" + }, + { + "name": "10510", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10510" + }, + { + "name": "13397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13397" + }, + { + "name": "20040326 bblog 0.7.2 cross site scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108034226717745&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2024.json b/2008/2xxx/CVE-2008-2024.json index 00543c12059..ecd05d01d70 100644 --- a/2008/2xxx/CVE-2008-2024.json +++ b/2008/2xxx/CVE-2008-2024.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2024", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5494", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5494" - }, - { - "name" : "http://www.minibb.net/forums/9_5110_0.html", - "refsource" : "MISC", - "url" : "http://www.minibb.net/forums/9_5110_0.html" - }, - { - "name" : "28930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28930" - }, - { - "name" : "29997", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29997" - }, - { - "name" : "minibb-glang-xss(42013)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28930" + }, + { + "name": "29997", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29997" + }, + { + "name": "5494", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5494" + }, + { + "name": "minibb-glang-xss(42013)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42013" + }, + { + "name": "http://www.minibb.net/forums/9_5110_0.html", + "refsource": "MISC", + "url": "http://www.minibb.net/forums/9_5110_0.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2625.json b/2008/2xxx/CVE-2008-2625.json index 832fa24c91c..ade6df7d259 100644 --- a/2008/2xxx/CVE-2008-2625.json +++ b/2008/2xxx/CVE-2008-2625.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081019 CVE-2008-2625: Oracle DBMS ? 
Proxy Authentication Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497539/100/0/threaded" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021050" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-db-corerdbms-unauth-access(45880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081019 CVE-2008-2625: Oracle DBMS ? 
Proxy Authentication Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497539/100/0/threaded" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "oracle-db-corerdbms-unauth-access(45880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45880" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "1021050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021050" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3010.json b/2008/3xxx/CVE-2008-3010.json index 0fa1e30e6f5..eebae2f0888 100644 --- a/2008/3xxx/CVE-2008-3010.json +++ b/2008/3xxx/CVE-2008-3010.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka \"ISATAP Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-076", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076" - }, - { - "name" : "TA08-344A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" - }, - { - "name" : "32654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32654" - }, - { - "name" : "oval:org.mitre.oval:def:5689", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5689" - }, - { - 
"name" : "33058", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33058" - }, - { - "name" : "ADV-2008-3388", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3388" - }, - { - "name" : "1021374", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021374" - }, - { - "name" : "1021375", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka \"ISATAP Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021374", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021374" + }, + { + "name": "oval:org.mitre.oval:def:5689", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5689" + }, + { + "name": "TA08-344A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" + }, + { + "name": "1021375", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021375" + }, + { + "name": "33058", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33058" + }, + { + "name": "ADV-2008-3388", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3388" + }, + { + "name": "32654", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/32654" + }, + { + "name": "MS08-076", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3734.json b/2008/3xxx/CVE-2008-3734.json index 6f2da8bbcc7..194ef6c2251 100644 --- a/2008/3xxx/CVE-2008-3734.json +++ b/2008/3xxx/CVE-2008-3734.json 
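Review bot: The `ASSIGNER` field of CVE-2008-3010 changes from `cve@mitre.org` to `secure@microsoft.com` in this hunk, and that one semantic change is hard to spot because every other line of the file is rewritten too. The remaining differences are the spacing before `:`, a reshuffle of the same eight `reference_data` entries, and the loss of the final newline. The other records visible in this part of the diff show only that formatting and ordering churn, so a reader auditing CNA attribution has to read whole-file rewrites to find this line. Emitting `reference_data` in a stable order (for example sorted by `refsource`, then `name`) and keeping the trailing newline would reduce this hunk to `"ASSIGNER": "secure@microsoft.com",`. The commit subject "-Synchronized-Data." would also be more useful if it named the reassignment.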
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6257", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6257" - }, - { - "name" : "30720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30720" - }, - { - "name" : "1020713", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020713" - }, - { - "name" : "1020714", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020714" - }, - { - "name" : "31504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31504" - }, - { - "name" : "4173", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4173" - }, - { - "name" : 
"wsftp-response-format-string(44512)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44512" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6257", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6257" + }, + { + "name": "1020713", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020713" + }, + { + "name": "4173", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4173" + }, + { + "name": "wsftp-response-format-string(44512)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44512" + }, + { + "name": "1020714", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020714" + }, + { + "name": "30720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30720" + }, + { + "name": "31504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31504" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3800.json b/2008/3xxx/CVE-2008-3800.json index 7299cd7ebae..82fe3726dd7 100644 --- a/2008/3xxx/CVE-2008-3800.json +++ b/2008/3xxx/CVE-2008-3800.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml" - }, - { - "name" : "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml" - }, - { - "name" : "31367", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/31367" - }, - { - "name" : "oval:org.mitre.oval:def:6086", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086" - }, - { - "name" : "1020942", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020942" - }, - { - "name" : "1020939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020939" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "ADV-2008-2671", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2671" - }, - { - "name" : "31990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31990" - }, - { - "name" : "32013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "31367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31367" + }, + { + "name": "oval:org.mitre.oval:def:6086", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086" + }, + { + "name": "32013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32013" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "ADV-2008-2671", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2671" + }, + { + "name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml" + }, + { + "name": "1020942", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020942" + }, + { + "name": "1020939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020939" + }, + { + "name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3971.json b/2008/3xxx/CVE-2008-3971.json index c03b04f7090..710f93654f2 100644 --- a/2008/3xxx/CVE-2008-3971.json +++ b/2008/3xxx/CVE-2008-3971.json 
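Review bot: In the CVE-2008-3800 hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `psirt@cisco.com`, but every other changed line is only a spacing change (`"key" : ` to `"key": `), re-indentation, or a reordering of `reference_data` entries, so the single provenance change is easy to miss. The same happens in the CVE-2013-2223 hunk (`secalert@redhat.com`) and in the CVE-2013-2834 hunk (`security@google.com`), whose end lies outside this view. Tooling that attributes or filters records by assigner, or that diffs records to detect content changes, would be better served if the reformat and the assigner reassignment landed as separate commits. The new `reference_data` order does not appear to follow a sort key; a fixed order (for example by `refsource`, then `name`) would keep later syncs from re-shuffling unchanged entries. Each rewritten file also ends with `\ No newline at end of file`, so a trailing newline should be restored.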
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080906 CVE id requests: gmanedit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/06/2" - }, - { - "name" : "[oss-security] 20080909 Re: CVE id requests: gmanedit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/13" - }, - { - "name" : "[oss-security] 20080909 Re: CVE id requests: gmanedit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/19" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835", - 
"refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835" - }, - { - "name" : "31040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31040" - }, - { - "name" : "gmanedit-readconffromfile-bo(44962)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44962" - }, - { - "name" : "gmanedit-glocaletoutf8-bo(44963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080906 CVE id requests: gmanedit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/06/2" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835" + }, + { + "name": "[oss-security] 20080909 Re: CVE id requests: gmanedit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/19" + }, + { + "name": "gmanedit-glocaletoutf8-bo(44963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44963" + }, + { + "name": "gmanedit-readconffromfile-bo(44962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44962" + }, + { + "name": "[oss-security] 20080909 Re: CVE id requests: gmanedit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/13" + }, + { + "name": "31040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31040" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6118.json b/2008/6xxx/CVE-2008-6118.json index 4fad3732071..7f1f0455f30 100644 --- a/2008/6xxx/CVE-2008-6118.json +++ b/2008/6xxx/CVE-2008-6118.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7205", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7205" - }, - { - "name" : "32437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32437" - }, - { - "name" : "32819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32819" - }, - { - "name" : "ADV-2008-3235", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3235" - }, - { - "name" : "gooplecms-upload-security-bypass(46799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-3235", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3235" + }, + { + "name": "gooplecms-upload-security-bypass(46799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46799" + }, + { + "name": "32819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32819" + }, + { + "name": "32437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32437" + }, + { + "name": "7205", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7205" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6430.json b/2008/6xxx/CVE-2008-6430.json index 283e1abbb8e..6fd71456698 100644 --- a/2008/6xxx/CVE-2008-6430.json +++ b/2008/6xxx/CVE-2008-6430.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5714", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5714" - }, - { - "name" : "29468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29468" - }, - { - "name" : "45852", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45852" - }, - { - "name" : "30490", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30490" - }, - { - "name" : "mycontent-index-sql-injection(42783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection 
vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30490", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30490" + }, + { + "name": "5714", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5714" + }, + { + "name": "29468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29468" + }, + { + "name": "mycontent-index-sql-injection(42783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42783" + }, + { + "name": "45852", + "refsource": "OSVDB", + "url": "http://osvdb.org/45852" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6640.json b/2008/6xxx/CVE-2008-6640.json index 37ec0cf8b47..c4d502d01ad 100644 --- a/2008/6xxx/CVE-2008-6640.json +++ b/2008/6xxx/CVE-2008-6640.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/29057/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/29057/exploit" - }, - { - "name" : "29057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29057" - }, - { - "name" : "batmanportal-id-sql-injection(42231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers 
to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "batmanportal-id-sql-injection(42231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42231" + }, + { + "name": "http://www.securityfocus.com/bid/29057/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/29057/exploit" + }, + { + "name": "29057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29057" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6653.json b/2008/6xxx/CVE-2008-6653.json index 41556022ff9..d3678e824af 100644 --- a/2008/6xxx/CVE-2008-6653.json +++ b/2008/6xxx/CVE-2008-6653.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5527", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5527" - }, - { - "name" : "http://forum.wh-com.de/index.php?topic=497.0", - "refsource" : "CONFIRM", - "url" : "http://forum.wh-com.de/index.php?topic=497.0" - }, - { - "name" : "29000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29000" - }, - { - "name" : "50423", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50423" - }, - { - "name" : "webhosting-catid-sql-injection(42124)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50423", + "refsource": "OSVDB", + "url": "http://osvdb.org/50423" + }, + { + "name": "5527", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5527" + }, + { + "name": "29000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29000" + }, + { + "name": "http://forum.wh-com.de/index.php?topic=497.0", + "refsource": "CONFIRM", + "url": "http://forum.wh-com.de/index.php?topic=497.0" + }, + { + "name": "webhosting-catid-sql-injection(42124)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42124" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6874.json b/2008/6xxx/CVE-2008-6874.json index 2b903c50999..463cd24178e 100644 --- a/2008/6xxx/CVE-2008-6874.json +++ b/2008/6xxx/CVE-2008-6874.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7463", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7463" - }, - { - "name" : "32812", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32812" - }, - { - "name" : "23572", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/23572" - }, - { - "name" : "autodealer-type-sql-injection(47365)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to 
execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "autodealer-type-sql-injection(47365)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47365" + }, + { + "name": "7463", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7463" + }, + { + "name": "23572", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/23572" + }, + { + "name": "32812", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32812" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2223.json b/2013/2xxx/CVE-2013-2223.json index d649eefa25f..a60e2f30ad4 100644 --- a/2013/2xxx/CVE-2013-2223.json +++ b/2013/2xxx/CVE-2013-2223.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/638" - }, - { - "name" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html", - "refsource" : "MISC", - "url" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html" - }, - { - "name" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637", - "refsource" : "CONFIRM", - "url" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637" - }, - { - "name" : "GLSA-201309-13", 
- "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201309-13.xml" - }, - { - "name" : "openSUSE-SU-2013:1599", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html" - }, - { - "name" : "openSUSE-SU-2013:1600", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html" - }, - { - "name" : "53818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53818" - }, - { - "name" : "54998", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:1600", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html" + }, + { + "name": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637", + "refsource": "CONFIRM", + "url": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637" + }, + { + "name": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html", + "refsource": "MISC", + "url": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html" + }, + { + "name": "54998", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54998" + }, + { + "name": "openSUSE-SU-2013:1599", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html" + }, + { + "name": "GLSA-201309-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201309-13.xml" + }, + { + "name": "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/638" + }, + { + "name": "53818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53818" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2252.json b/2013/2xxx/CVE-2013-2252.json index c7af709eb72..89c77545374 100644 --- a/2013/2xxx/CVE-2013-2252.json +++ b/2013/2xxx/CVE-2013-2252.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2252", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2252", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2834.json b/2013/2xxx/CVE-2013-2834.json index 7a69cdae69f..95f00ae1498 100644 --- a/2013/2xxx/CVE-2013-2834.json +++ b/2013/2xxx/CVE-2013-2834.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380", - "refsource" : "CONFIRM", - "url" : "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=227158", - "refsource" : "CONFIRM", 
- "url" : "https://code.google.com/p/chromium/issues/detail?id=227158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=227158", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=227158" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html" + }, + { + "name": "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380", + "refsource": "CONFIRM", + "url": "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2982.json b/2013/2xxx/CVE-2013-2982.json index 2c5bdf0ad7d..673a50ddbb3 100644 --- a/2013/2xxx/CVE-2013-2982.json +++ b/2013/2xxx/CVE-2013-2982.json 
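Review bot: The one value that changes in this file, `"ASSIGNER"` going from `cve@mitre.org` to `security@google.com`, is buried in a rewrite of nearly every line, because the same hunk also switches the separator from `" : "` to `": "`, reorders the `reference_data` entries and drops the final newline (`\ No newline at end of file`). The CVE-2013-2982 hunk has the same shape with `psirt@us.ibm.com`, and every file section visible in this commit loses its final newline. Anyone auditing which assigner is recorded for an entry has to compare the records field by field to see the change. Landing the re-serialization separately and keeping the trailing newline would leave the data change as a one-line diff.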
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" - }, - { - "name" : "sterling-b2b-cve20132982-upload(83997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sterling-b2b-cve20132982-upload(83997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83997" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11257.json b/2017/11xxx/CVE-2017-11257.json index d953b810882..47b837bd071 100644 --- a/2017/11xxx/CVE-2017-11257.json +++ b/2017/11xxx/CVE-2017-11257.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100181", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100181" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "100181", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100181" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14091.json b/2017/14xxx/CVE-2017-14091.json index 09fa0fe7916..da1fa59ee9f 100644 --- a/2017/14xxx/CVE-2017-14091.json +++ b/2017/14xxx/CVE-2017-14091.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-14091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro ScanMail for Exchange", - "version" : { - "version_data" : [ - { - "version_value" : "12.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-14091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro ScanMail for Exchange", + "version": { + "version_data": [ + { + "version_value": "12.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1118486", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1118486", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118486" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14469.json b/2017/14xxx/CVE-2017-14469.json index d7924989435..e3f43ff8681 100644 --- a/2017/14xxx/CVE-2017-14469.json +++ b/2017/14xxx/CVE-2017-14469.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-14469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-14469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15167.json b/2017/15xxx/CVE-2017-15167.json index fee5c9b6559..b2198cbf60a 100644 --- a/2017/15xxx/CVE-2017-15167.json +++ b/2017/15xxx/CVE-2017-15167.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15167", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15167", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15845.json b/2017/15xxx/CVE-2017-15845.json index 8d0910de82c..d3cc324a2bb 100644 --- a/2017/15xxx/CVE-2017-15845.json +++ b/2017/15xxx/CVE-2017-15845.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-01-02T00:00:00", - "ID" : "CVE-2017-15845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Underflow in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-01-02T00:00:00", + "ID": "CVE-2017-15845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Underflow in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8331.json b/2017/8xxx/CVE-2017-8331.json index ec0361acd87..818371c67bd 100644 --- a/2017/8xxx/CVE-2017-8331.json +++ b/2017/8xxx/CVE-2017-8331.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8331", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8331", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9165.json b/2017/9xxx/CVE-2017-9165.json index 80bc7f6838b..1ff40a667cc 100644 --- a/2017/9xxx/CVE-2017-9165.json +++ b/2017/9xxx/CVE-2017-9165.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9573.json b/2017/9xxx/CVE-2017-9573.json index eb6bc7d7c0b..55f0cf2bc3e 100644 --- a/2017/9xxx/CVE-2017-9573.json +++ b/2017/9xxx/CVE-2017-9573.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive 
information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9856.json b/2017/9xxx/CVE-2017-9856.json index 8180a74916b..46342552c05 100644 --- a/2017/9xxx/CVE-2017-9856.json +++ b/2017/9xxx/CVE-2017-9856.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are \"encrypted\" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://horusscenario.com/CVE-information/", - "refsource" : "MISC", - "url" : "https://horusscenario.com/CVE-information/" - }, - { - "name" : "http://www.sma.de/en/statement-on-cyber-security.html", - "refsource" : "MISC", - "url" : "http://www.sma.de/en/statement-on-cyber-security.html" - }, - { - "name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", - "refsource" : "MISC", - "url" : 
"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are \"encrypted\" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sma.de/en/statement-on-cyber-security.html", + "refsource": "MISC", + "url": "http://www.sma.de/en/statement-on-cyber-security.html" + }, + { + "name": "https://horusscenario.com/CVE-information/", + "refsource": "MISC", + "url": "https://horusscenario.com/CVE-information/" + }, + { + "name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", + "refsource": "MISC", + "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000426.json b/2018/1000xxx/CVE-2018-1000426.json index f3fd60d8d2e..bd43e2350de 100644 --- a/2018/1000xxx/CVE-2018-1000426.json +++ b/2018/1000xxx/CVE-2018-1000426.json 
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-28T04:34:37.686723", - "ID" : "CVE-2018-1000426", - "REQUESTER" : "ml@beckweb.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jenkins Git Changelog Plugin", - "version" : { - "version_data" : [ - { - "version_value" : "2.6 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Jenkins project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-28T04:34:37.686723", + "ID": "CVE-2018-1000426", + "REQUESTER": "ml@beckweb.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122" - }, - { - "name" : "106532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106532" + }, + { + "name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122" + } + ] + } +} \ No newline at end of file 
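Review bot: The new side of this hunk discards structured data that the old record carried: `vendor_name`, `product_name` and `version_value` all become `"n/a"`, and the `problemtype` value changes from `"CWE-79"` to `"n/a"`. The product and version now survive only in the free-text description, so tooling that matches on the `affects` tree or filters by CWE will presumably stop associating this record with the plugin. Unless the sync source is meant to be authoritative here, keep `"product_name": "Jenkins Git Changelog Plugin"`, `"version_value": "2.6 and earlier"` and `"value": "CWE-79"`, together with the previous `vendor_name` of "Jenkins project". The `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` in the same hunk; that may be intentional, but it is worth confirming since the commit message does not mention it.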
diff --git a/2018/12xxx/CVE-2018-12119.json b/2018/12xxx/CVE-2018-12119.json index b9aa5f48a04..fec1b4a8765 100644 --- a/2018/12xxx/CVE-2018-12119.json +++ b/2018/12xxx/CVE-2018-12119.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12119", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12119", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12364.json b/2018/12xxx/CVE-2018-12364.json index 55fca50e1a4..066d4161811 100644 --- a/2018/12xxx/CVE-2018-12364.json +++ b/2018/12xxx/CVE-2018-12364.json 
@@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.1" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "61" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSRF attacks through 307 redirects and NPAPI plugins" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.1" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "61" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/" - }, - { - "name" : 
"https://www.mozilla.org/security/advisories/mfsa2018-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/" - }, - { - "name" : "DSA-4235", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4235" - }, - { - "name" : "DSA-4244", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4244" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:2112", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2112" - }, - { - "name" : "RHSA-2018:2113", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2113" - }, - { - "name" : "RHSA-2018:2251", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2251" - }, - { - "name" : "RHSA-2018:2252", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2252" - }, - { - "name" : "USN-3705-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3705-1/" - }, - { - "name" : "USN-3714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3714-1/" - }, - { - "name" : "104560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104560" - }, - { - "name" : "1041193", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF attacks through 307 redirects and NPAPI plugins" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/" + }, + { + "name": "RHSA-2018:2112", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2112" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "DSA-4235", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4235" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/" + }, + { + "name": "RHSA-2018:2113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2113" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/" + }, + { + "name": "DSA-4244", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4244" + }, + { + "name": "104560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104560" + 
}, + { + "name": "1041193", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041193" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/" + }, + { + "name": "RHSA-2018:2252", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2252" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" + }, + { + "name": "RHSA-2018:2251", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2251" + }, + { + "name": "USN-3705-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3705-1/" + }, + { + "name": "USN-3714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3714-1/" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12579.json b/2018/12xxx/CVE-2018-12579.json index df979eb3f7d..9d4a0d8275c 100644 --- a/2018/12xxx/CVE-2018-12579.json +++ b/2018/12xxx/CVE-2018-12579.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.oxid-esales.com/view.php?id=6818", - "refsource" : "CONFIRM", - "url" : "https://bugs.oxid-esales.com/view.php?id=6818" - }, - { - "name" : "https://oxidforge.org/en/security-bulletin-2018-002.html", - "refsource" : "CONFIRM", - "url" : "https://oxidforge.org/en/security-bulletin-2018-002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.oxid-esales.com/view.php?id=6818", + "refsource": "CONFIRM", + "url": "https://bugs.oxid-esales.com/view.php?id=6818" + }, + { + "name": "https://oxidforge.org/en/security-bulletin-2018-002.html", + "refsource": "CONFIRM", + "url": "https://oxidforge.org/en/security-bulletin-2018-002.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12760.json b/2018/12xxx/CVE-2018-12760.json index bcd450621b1..22ed4e34037 100644 --- a/2018/12xxx/CVE-2018-12760.json +++ b/2018/12xxx/CVE-2018-12760.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13254.json b/2018/13xxx/CVE-2018-13254.json index 9e2bb76126a..52da18befd4 100644 --- a/2018/13xxx/CVE-2018-13254.json +++ b/2018/13xxx/CVE-2018-13254.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13254", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13254", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13422.json b/2018/13xxx/CVE-2018-13422.json index ae46327dc6b..522c6681490 100644 
--- a/2018/13xxx/CVE-2018-13422.json +++ b/2018/13xxx/CVE-2018-13422.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TCExam before 14.1.2 has XSS via an ff_ or xl_ field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/tecnickcom/tcexam/pull/223", - "refsource" : "MISC", - "url" : "https://github.com/tecnickcom/tcexam/pull/223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TCExam before 14.1.2 has XSS via an ff_ or xl_ field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tecnickcom/tcexam/pull/223", + "refsource": "MISC", + "url": "https://github.com/tecnickcom/tcexam/pull/223" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/16xxx/CVE-2018-16098.json b/2018/16xxx/CVE-2018-16098.json index 8f3fd76abfd..c73e73f2f22 100644 --- a/2018/16xxx/CVE-2018-16098.json +++ b/2018/16xxx/CVE-2018-16098.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2019-01-10T00:00:00", - "ID" : "CVE-2018-16098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Various ThinkPad products", - "version" : { - "version_data" : [ - { - "version_value" : "Various" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2019-01-10T00:00:00", + "ID": "CVE-2018-16098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Various ThinkPad products", + "version": { + "version_data": [ + { + "version_value": "Various" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-24573", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-24573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-24573", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-24573" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16111.json b/2018/16xxx/CVE-2018-16111.json index c9c1e2e69a5..af8ff160ac7 100644 --- a/2018/16xxx/CVE-2018-16111.json +++ b/2018/16xxx/CVE-2018-16111.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16111", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16111", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16164.json b/2018/16xxx/CVE-2018-16164.json index a0294fc0efc..eec7e03134c 100644 --- a/2018/16xxx/CVE-2018-16164.json +++ b/2018/16xxx/CVE-2018-16164.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16164", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Event Calendar WD version", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.21 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Web-Dorado" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16164", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Event Calendar WD version", + "version": { + "version_data": [ + { + "version_value": "1.1.21 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Web-Dorado" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://plugins.trac.wordpress.org/changeset/1961423/", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/changeset/1961423/" - }, - { - "name" : "https://wordpress.org/plugins/event-calendar-wd/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/event-calendar-wd/#developers" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9199", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9199" - }, - { - "name" : "JVN#75738023", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN75738023/index.html" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#75738023", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN75738023/index.html" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/9199", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9199" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1961423/", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/1961423/" + }, + { + "name": "https://wordpress.org/plugins/event-calendar-wd/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/event-calendar-wd/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16437.json b/2018/16xxx/CVE-2018-16437.json index 9544d8c1f23..2a21dd418ef 100644 --- a/2018/16xxx/CVE-2018-16437.json +++ b/2018/16xxx/CVE-2018-16437.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ttk7.cn/post-78.html", - "refsource" : "MISC", - "url" : "http://www.ttk7.cn/post-78.html" - }, - { - "name" : "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1", - "refsource" : "CONFIRM", - "url" : "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1", + "refsource": "CONFIRM", + "url": "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1" + }, + { + "name": "http://www.ttk7.cn/post-78.html", + "refsource": "MISC", + "url": "http://www.ttk7.cn/post-78.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4067.json b/2018/4xxx/CVE-2018-4067.json index 0bf8a261f59..985c5e1c108 100644 --- a/2018/4xxx/CVE-2018-4067.json +++ b/2018/4xxx/CVE-2018-4067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4730.json b/2018/4xxx/CVE-2018-4730.json index 91cc423f96a..cd4199990cd 100644 --- a/2018/4xxx/CVE-2018-4730.json +++ b/2018/4xxx/CVE-2018-4730.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4730", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4730", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4824.json b/2018/4xxx/CVE-2018-4824.json index e068e53e331..91ff16dba24 100644 --- a/2018/4xxx/CVE-2018-4824.json +++ b/2018/4xxx/CVE-2018-4824.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4824", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4824", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4875.json b/2018/4xxx/CVE-2018-4875.json index 198385dd87f..2ca479e1a42 100644 --- a/2018/4xxx/CVE-2018-4875.json +++ b/2018/4xxx/CVE-2018-4875.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager 6.1, 6.0", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager 6.1, 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager 6.1, 6.0", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager 6.1, 6.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html" - }, - { - "name" : "102991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102991" - }, - { - "name" : "1040365", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040365" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102991" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html" + }, + { + "name": "1040365", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040365" + } + ] + } +} \ No newline at end of file