diff --git a/2004/0xxx/CVE-2004-0463.json b/2004/0xxx/CVE-2004-0463.json index ab3adb14fff..ad6c405099c 100644 --- a/2004/0xxx/CVE-2004-0463.json +++ b/2004/0xxx/CVE-2004-0463.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0463", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0463", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0937.json b/2004/0xxx/CVE-2004-0937.json index d4575ab6ef2..da20ff00b16 100644 --- a/2004/0xxx/CVE-2004-0937.json +++ b/2004/0xxx/CVE-2004-0937.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true" - }, - { - "name" : "VU#968818", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/968818" - }, - { - "name" : "11448", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11448" - }, - { - "name" : "antivirus-zip-protection-bypass(17761)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "antivirus-zip-protection-bypass(17761)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761" + }, + { + "name": "VU#968818", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/968818" + }, + { + "name": "11448", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11448" + }, + { + "name": "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1441.json b/2004/1xxx/CVE-2004-1441.json index 7e0856dbd97..ec4e85fb44b 100644 --- a/2004/1xxx/CVE-2004-1441.json +++ b/2004/1xxx/CVE-2004-1441.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040715 XSS in Board Power forum", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0642.html" - }, - { - "name" : "VU#744590", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/744590" - }, - { - "name" : "10734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10734" - }, - { - "name" : "boardpower-icq-xss(16698)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040715 XSS in Board Power forum", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0642.html" + }, + { + "name": "10734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10734" + }, + { + "name": "boardpower-icq-xss(16698)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16698" + }, + { + "name": "VU#744590", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/744590" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1804.json b/2004/1xxx/CVE-2004-1804.json index 14195ec22db..c504fdfff30 100644 --- a/2004/1xxx/CVE-2004-1804.json +++ b/2004/1xxx/CVE-2004-1804.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040310 DoS in wMCam server 2.1.348", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107894337524376&w=2" - }, - { - "name" : "9839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9839" - }, - { - "name" : "wmcam-multiple-connections-dos(15431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wmcam-multiple-connections-dos(15431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15431" + }, + { + "name": "9839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9839" + }, + { + "name": "20040310 DoS in wMCam server 2.1.348", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107894337524376&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1825.json b/2004/1xxx/CVE-2004-1825.json index 5c57f3d050e..60b17c55de7 100644 --- a/2004/1xxx/CVE-2004-1825.json +++ b/2004/1xxx/CVE-2004-1825.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1825", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1825", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040316 Mambo Open Source Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107945576020593&w=2" - }, - { - "name" : "9890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9890" - }, - { - "name" : "4665", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4665" - }, - { - "name" : "4308", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4308" - }, - { - "name" : "11140", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11140" - }, - { - "name" : "mambo-return-moschangetemplate-xss(15499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9890" + }, + { + "name": "mambo-return-moschangetemplate-xss(15499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15499" + }, + { + "name": "11140", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11140" + }, + { + "name": "4308", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4308" + }, + { + "name": "20040316 Mambo Open Source Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107945576020593&w=2" + }, + { + "name": "4665", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4665" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3040.json b/2008/3xxx/CVE-2008-3040.json index 903327ed13e..e2b63ea2a23 100644 --- a/2008/3xxx/CVE-2008-3040.json +++ b/2008/3xxx/CVE-2008-3040.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" - }, - { - "name" : "30054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30054" - }, - { - "name" : "damfrontend-info-disclosure(43478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/" + }, + { + "name": "30054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30054" + }, + { + "name": "damfrontend-info-disclosure(43478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43478" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3065.json b/2008/3xxx/CVE-2008-3065.json index 8b5a81d0162..0c411ab2bda 100644 --- a/2008/3xxx/CVE-2008-3065.json +++ b/2008/3xxx/CVE-2008-3065.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3065", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3065", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3267.json b/2008/3xxx/CVE-2008-3267.json index 0ca7eaef24f..cf92e10f360 100644 --- a/2008/3xxx/CVE-2008-3267.json +++ b/2008/3xxx/CVE-2008-3267.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6110", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6110" - }, - { - "name" : "ADV-2008-2158", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2158/references" - }, - { - "name" : "31164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31164" - }, - { - "name" : "4029", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4029" - }, - { - "name" : "mojojobs-mojojobs-sql-injection(43933)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mojojobs-mojojobs-sql-injection(43933)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43933" + }, + { + "name": "6110", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6110" + }, + { + "name": "31164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31164" + }, + { + "name": "ADV-2008-2158", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2158/references" + }, + { + "name": "4029", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4029" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3855.json b/2008/3xxx/CVE-2008-3855.json index d35f9ea2fba..5c04c981521 100644 --- a/2008/3xxx/CVE-2008-3855.json +++ b/2008/3xxx/CVE-2008-3855.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a \"FILE CREATION VULNERABILITY.\" NOTE: this may be the same as CVE-2007-5664." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" - }, - { - "name" : "IZ12735", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12735" - }, - { - "name" : "29601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29601" - }, - { - "name" : "ADV-2008-1769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1769" - }, - { - "name" : "30558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30558" - }, - { - "name" : "ibm-db2-adminserver-privilege-escalation(42932)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42932" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a \"FILE CREATION VULNERABILITY.\" NOTE: this may be the same as CVE-2007-5664." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" + }, + { + "name": "ibm-db2-adminserver-privilege-escalation(42932)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42932" + }, + { + "name": "IZ12735", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12735" + }, + { + "name": "ADV-2008-1769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1769" + }, + { + "name": "29601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29601" + }, + { + "name": "30558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30558" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4097.json b/2008/4xxx/CVE-2008-4097.json index addb2b01609..08b8898d9f3 100644 --- a/2008/4xxx/CVE-2008-4097.json +++ b/2008/4xxx/CVE-2008-4097.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/09/20" - }, - { - "name" : "[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/16/3" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25" - }, - { - "name" : "MDVSA-2009:094", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094" - }, - { - "name" : "SUSE-SR:2008:025", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" - }, - { - "name" : "USN-671-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-671-1" - }, - { - "name" : "32759", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32759" - }, - { - "name" : "32769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32769" - }, - { - "name" : "mysql-myisam-symlinks-security-bypass(45648)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within pathnames for subdirectories of the MySQL home data directory, which are followed when tables are created in the future. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-2079." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2009:094", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:094" + }, + { + "name": "USN-671-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-671-1" + }, + { + "name": "32769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32769" + }, + { + "name": "[oss-security] 20080909 Re: CVE request: MySQL incomplete fix for CVE-2008-2079", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/09/20" + }, + { + "name": "mysql-myisam-symlinks-security-bypass(45648)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45648" + }, + { + "name": "[oss-security] 20080916 Re: CVE request: MySQL incomplete fix for CVE-2008-2079", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/16/3" + }, + { + "name": "32759", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32759" + }, + { + "name": "SUSE-SR:2008:025", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480292#25" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4418.json b/2008/4xxx/CVE-2008-4418.json index 1a5b2cc5cda..4c22ce59ae6 100644 --- a/2008/4xxx/CVE-2008-4418.json +++ b/2008/4xxx/CVE-2008-4418.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02393", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122893704624601&w=2" - }, - { - "name" : "SSRT080057", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122893704624601&w=2" - }, - { - "name" : "32754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32754" - }, - { - "name" : "ADV-2008-3411", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3411" - }, - { - "name" : "50679", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50679" - }, - { - "name" : "1021377", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021377" - }, - { - "name" : "4705", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1021377", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021377" + }, + { + "name": "ADV-2008-3411", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3411" + }, + { + "name": "4705", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4705" + }, + { + "name": "HPSBUX02393", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122893704624601&w=2" + }, + { + "name": "50679", + "refsource": "OSVDB", + "url": "http://osvdb.org/50679" + }, + { + "name": "SSRT080057", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122893704624601&w=2" + }, + { + "name": "32754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32754" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4643.json b/2008/4xxx/CVE-2008-4643.json index caf7c4f5491..a86b43ac6e2 100644 --- a/2008/4xxx/CVE-2008-4643.json +++ b/2008/4xxx/CVE-2008-4643.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6759", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6759" - }, - { - "name" : "31772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31772" - }, - { - "name" : "32289", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32289" - }, - { - "name" : "4455", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4455" - }, - { - "name" : "mystats-hits-sql-injection(45917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4455", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4455" + }, + { + "name": "6759", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6759" + }, + { + "name": "32289", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32289" + }, + { + "name": "31772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31772" + }, + { + "name": "mystats-hits-sql-injection(45917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45917" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4848.json b/2008/4xxx/CVE-2008-4848.json index 405daac5667..18263cee23f 100644 --- a/2008/4xxx/CVE-2008-4848.json +++ b/2008/4xxx/CVE-2008-4848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4848", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4848", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4944.json b/2008/4xxx/CVE-2008-4944.json index cc65c0f22eb..1df9385615c 100644 --- a/2008/4xxx/CVE-2008-4944.json +++ b/2008/4xxx/CVE-2008-4944.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://uvw.ru/report.lenny.txt", - "refsource" : "MISC", - "url" : "http://uvw.ru/report.lenny.txt" - }, - { - "name" : "http://bugs.debian.org/496438", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/496438" - }, - { - "name" : "http://dev.gentoo.org/~rbu/security/debiantemp/cdcontrol", - "refsource" : "CONFIRM", - "url" : "http://dev.gentoo.org/~rbu/security/debiantemp/cdcontrol" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "CONFIRM", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "30892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30892" - }, - { - "name" : "cdcontrol-writtercontrol-symlink(44839)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "writtercontrol in cdcontrol 1.90 allows local users to overwrite arbitrary files via a symlink attack on /tmp/v-recorder*-out temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dev.gentoo.org/~rbu/security/debiantemp/cdcontrol", + "refsource": "CONFIRM", + "url": "http://dev.gentoo.org/~rbu/security/debiantemp/cdcontrol" + }, + { + "name": "http://bugs.debian.org/496438", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/496438" + }, + { + "name": "cdcontrol-writtercontrol-symlink(44839)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44839" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "CONFIRM", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "http://uvw.ru/report.lenny.txt", + "refsource": "MISC", + "url": "http://uvw.ru/report.lenny.txt" + }, + { + "name": "30892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30892" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6141.json b/2008/6xxx/CVE-2008-6141.json index b0ec5093659..df0622035c4 100644 --- a/2008/6xxx/CVE-2008-6141.json +++ b/2008/6xxx/CVE-2008-6141.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.voipshield.com/research-details.php?id=125", - "refsource" : "MISC", - "url" : "http://www.voipshield.com/research-details.php?id=125" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm" - }, - { - "name" : "31635", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31635" - }, - { - "name" : "32206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32206" - }, - { - "name" : "ADV-2008-2775", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2775" - }, - { - "name" : "avaya-ipsoftphone-h323-dos(45745)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45745" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 allows remote attackers to cause a denial of service (crash) via a large amount of H.323 data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.voipshield.com/research-details.php?id=125", + "refsource": "MISC", + "url": "http://www.voipshield.com/research-details.php?id=125" + }, + { + "name": "avaya-ipsoftphone-h323-dos(45745)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45745" + }, + { + "name": "31635", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31635" + }, + { + "name": "ADV-2008-2775", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2775" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-363.htm" + }, + { + "name": "32206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32206" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6274.json b/2008/6xxx/CVE-2008-6274.json index 6d5e93b9cda..eb7838bbcac 100644 --- a/2008/6xxx/CVE-2008-6274.json +++ b/2008/6xxx/CVE-2008-6274.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or \"Mot de passe\" field). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7248", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7248" - }, - { - "name" : "32501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32501" - }, - { - "name" : "50314", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50314" - }, - { - "name" : "32900", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32900" - }, - { - "name" : "familyproject-index-sql-injection(46929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or \"Mot de passe\" field). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "familyproject-index-sql-injection(46929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46929" + }, + { + "name": "32900", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32900" + }, + { + "name": "32501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32501" + }, + { + "name": "50314", + "refsource": "OSVDB", + "url": "http://osvdb.org/50314" + }, + { + "name": "7248", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7248" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6718.json b/2008/6xxx/CVE-2008-6718.json index a221aefe8aa..43d5255fc97 100644 --- a/2008/6xxx/CVE-2008-6718.json +++ b/2008/6xxx/CVE-2008-6718.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7033", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7033" - }, - { - "name" : "32166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "U&M Software JustBookIt 1.0 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) user_manual.php, (2) user_config.php, (3) user_kundnamn.php, (4) user_kundlista.php, (5) user_aktiva_kunder.php, (6) database.php, and possibly (7) index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32166" + }, + { + "name": "7033", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7033" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6748.json b/2008/6xxx/CVE-2008-6748.json index 446ec30c347..aade067405a 100644 --- a/2008/6xxx/CVE-2008-6748.json +++ b/2008/6xxx/CVE-2008-6748.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081230 Megacubo 5.0.7 (mega://) remote eval() injection exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499654/100/0/threaded" - }, - { - "name" : "7623", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7623" - }, - { - "name" : "http://retrogod.altervista.org/9sg_megacubo.html", - "refsource" : "MISC", - "url" : "http://retrogod.altervista.org/9sg_megacubo.html" - }, - { - "name" : "33062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33062" - }, - { - "name" : "51106", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51106" - }, - { - "name" : "33326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33326" - }, - { - "name" : "megacubo-mega-command-execution(47697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33062" + }, + { + "name": "33326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33326" + }, + { + "name": "http://retrogod.altervista.org/9sg_megacubo.html", + "refsource": "MISC", + "url": "http://retrogod.altervista.org/9sg_megacubo.html" + }, + { + "name": "20081230 Megacubo 5.0.7 (mega://) remote eval() injection exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499654/100/0/threaded" + }, + { + "name": "megacubo-mega-command-execution(47697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47697" + }, + { + "name": "7623", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7623" + }, + { + "name": "51106", + "refsource": "OSVDB", + "url": "http://osvdb.org/51106" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7146.json b/2008/7xxx/CVE-2008-7146.json index d5e842fdcf6..5caf7233410 100644 --- a/2008/7xxx/CVE-2008-7146.json +++ b/2008/7xxx/CVE-2008-7146.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://osvdb.org/ref/42/intralearn-21-multiple.txt", - "refsource" : "MISC", - "url" : "http://osvdb.org/ref/42/intralearn-21-multiple.txt" - }, - { - "name" : "42991", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42991" - }, - { - "name" : "42992", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42992" - }, - { - "name" : "42993", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42993", + "refsource": "OSVDB", + "url": "http://osvdb.org/42993" + }, + { + "name": "42992", + "refsource": "OSVDB", + "url": "http://osvdb.org/42992" + }, + { + "name": "http://osvdb.org/ref/42/intralearn-21-multiple.txt", + "refsource": "MISC", + "url": "http://osvdb.org/ref/42/intralearn-21-multiple.txt" + }, + { + "name": "42991", + "refsource": "OSVDB", + "url": "http://osvdb.org/42991" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7197.json b/2008/7xxx/CVE-2008-7197.json index 77aa256261e..44fc786686f 100644 --- a/2008/7xxx/CVE-2008-7197.json +++ b/2008/7xxx/CVE-2008-7197.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[fm-news] 20080113 Newsletter for Saturday, January 12th 2008", - "refsource" : "MLIST", - "url" : "http://archives.neohapsis.com/archives/apps/freshmeat/2008-01/0019.html" - }, - { - "name" : "40528", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/40528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[fm-news] 20080113 Newsletter for Saturday, January 12th 2008", + "refsource": "MLIST", + "url": "http://archives.neohapsis.com/archives/apps/freshmeat/2008-01/0019.html" + }, + { + "name": "40528", + "refsource": "OSVDB", + "url": "http://osvdb.org/40528" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7252.json b/2008/7xxx/CVE-2008-7252.json index fab2e21f9cb..dd310a1c7df 100644 --- a/2008/7xxx/CVE-2008-7252.json +++ b/2008/7xxx/CVE-2008-7252.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528" - }, - { - "name" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528", - "refsource" : "CONFIRM", - "url" : "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php" - }, - { - "name" : "DSA-2034", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2010/dsa-2034" - }, - { - "name" : "SUSE-SR:2010:001", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html" - }, - { - "name" : "37826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37826" - }, - { - "name" : "38211", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38211" - }, - { - "name" : "39503", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39503" - }, - { - "name" : "ADV-2010-0910", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "38211", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38211" + }, + { + "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528" + }, + { + "name": "39503", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39503" + }, + { + "name": "SUSE-SR:2010:001", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html" + }, + { + "name": "ADV-2010-0910", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0910" + }, + { + "name": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528", + "refsource": "CONFIRM", + "url": "http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_11/phpMyAdmin/libraries/File.class.php?r1=11528&r2=11527&pathrev=11528" + }, + { + "name": "DSA-2034", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2010/dsa-2034" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2010-2.php" + }, + { + "name": "37826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37826" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2576.json b/2013/2xxx/CVE-2013-2576.json index 0b323556ef6..29c761209d3 100644 --- a/2013/2xxx/CVE-2013-2576.json +++ b/2013/2xxx/CVE-2013-2576.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130722 CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0154.html" - }, - { - "name" : "27047", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27047" - }, - { - "name" : "http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerability", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerability" - }, - { - "name" : "http://www.artweaver.de/en/help/80", - "refsource" : "CONFIRM", - "url" : "http://www.artweaver.de/en/help/80" - }, - { - "name" : "http://www.artweaver.de/en/help/81", - "refsource" : "CONFIRM", - "url" : "http://www.artweaver.de/en/help/81" - }, - { - "name" : "95573", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/95573" - }, - { - "name" : "54167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54167" - }, - { - "name" : "artweaver-cve20132576-awd-bo(85924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.artweaver.de/en/help/81", + "refsource": "CONFIRM", + "url": "http://www.artweaver.de/en/help/81" + }, + { + "name": "27047", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27047" + }, + { + "name": "95573", + "refsource": "OSVDB", + "url": "http://osvdb.org/95573" + }, + { + "name": "http://www.artweaver.de/en/help/80", + "refsource": "CONFIRM", + "url": "http://www.artweaver.de/en/help/80" + }, + { + "name": "http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerability", + "refsource": "MISC", + "url": "http://www.coresecurity.com/advisories/artweaver-buffer-overflow-vulnerability" + }, + { + "name": "20130722 CORE-2013-0701 - Artweaver Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0154.html" + }, + { + "name": "54167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54167" + }, + { + "name": "artweaver-cve20132576-awd-bo(85924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85924" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2663.json b/2013/2xxx/CVE-2013-2663.json index 0c619e5f2e9..c5349b6fc94 100644 --- a/2013/2xxx/CVE-2013-2663.json +++ b/2013/2xxx/CVE-2013-2663.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2663", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2663", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2904.json b/2013/2xxx/CVE-2013-2904.json index a2c99cd6814..3608073969c 100644 --- a/2013/2xxx/CVE-2013-2904.json +++ b/2013/2xxx/CVE-2013-2904.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://crbug.com/260428", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/260428" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=154680&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=154680&view=revision" - }, - { - "name" : "DSA-2741", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2741" - }, - { - "name" : "oval:org.mitre.oval:def:18550", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://src.chromium.org/viewvc/blink?revision=154680&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=154680&view=revision" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" + }, + { + "name": "oval:org.mitre.oval:def:18550", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18550" + }, + { + "name": "DSA-2741", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2741" + }, + { + "name": "http://crbug.com/260428", + "refsource": "CONFIRM", + "url": "http://crbug.com/260428" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6145.json b/2013/6xxx/CVE-2013-6145.json index 5da238610be..ad6af788beb 100644 --- a/2013/6xxx/CVE-2013-6145.json +++ b/2013/6xxx/CVE-2013-6145.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6145", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-6145", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6912.json b/2013/6xxx/CVE-2013-6912.json index 76c867a2c23..0203336b98f 100644 --- a/2013/6xxx/CVE-2013-6912.json +++ b/2013/6xxx/CVE-2013-6912.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-6912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cs.cybozu.co.jp/information/20131202up01.php", - "refsource" : "MISC", - "url" : "http://cs.cybozu.co.jp/information/20131202up01.php" - }, - { - "name" : "https://support.cybozu.com/ja-jp/article/6927", - "refsource" : "CONFIRM", - "url" : "https://support.cybozu.com/ja-jp/article/6927" - }, - { - "name" : "JVN#23981867", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN23981867/index.html" - }, - { - "name" : "JVNDB-2013-000113", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" - }, - { - "name" : "100560", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/100560" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cs.cybozu.co.jp/information/20131202up01.php", + "refsource": "MISC", + "url": "http://cs.cybozu.co.jp/information/20131202up01.php" + }, + { + "name": "100560", + "refsource": "OSVDB", + "url": "http://osvdb.org/100560" + }, + { + "name": "JVNDB-2013-000113", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/6927", + "refsource": "CONFIRM", + "url": "https://support.cybozu.com/ja-jp/article/6927" + }, + { + "name": "JVN#23981867", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN23981867/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/10xxx/CVE-2017-10800.json b/2017/10xxx/CVE-2017-10800.json index 5efc7a4aeb1..529543f3593 100644 --- a/2017/10xxx/CVE-2017-10800.json +++ b/2017/10xxx/CVE-2017-10800.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-10800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-10800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "99356", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012" + }, + { + "name": "99356", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99356" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11014.json b/2017/11xxx/CVE-2017-11014.json index becbb69a839..468db90008c 100644 --- a/2017/11xxx/CVE-2017-11014.json +++ b/2017/11xxx/CVE-2017-11014.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-11-01" - }, - { - "name" : "101774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while parsing a Measurement Request IE in a Roam Neighbor Action Report, a buffer overflow can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101774" + }, + { + "name": "https://source.android.com/security/bulletin/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11459.json b/2017/11xxx/CVE-2017-11459.json index 1aa81f9e159..71a5f58a0ff 100644 --- a/2017/11xxx/CVE-2017-11459.json +++ b/2017/11xxx/CVE-2017-11459.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-019-sap-trex-rce/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11470.json b/2017/11xxx/CVE-2017-11470.json index db6dc4cd45f..4cf783081df 100644 --- a/2017/11xxx/CVE-2017-11470.json +++ b/2017/11xxx/CVE-2017-11470.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/3223#more-3223", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3223#more-3223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php via the element parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.securiteam.com/index.php/archives/3223#more-3223", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3223#more-3223" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14454.json b/2017/14xxx/CVE-2017-14454.json index 5df2ad72a18..1a610d68352 100644 --- a/2017/14xxx/CVE-2017-14454.json +++ b/2017/14xxx/CVE-2017-14454.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14454", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14454", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14457.json b/2017/14xxx/CVE-2017-14457.json index 368d0b54830..1f786caf691 100644 --- a/2017/14xxx/CVE-2017-14457.json +++ b/2017/14xxx/CVE-2017-14457.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2017-14457", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CPP-Ethereum", - "version" : { - "version_data" : [ - { - "version_value" : "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2017-14457", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CPP-Ethereum", + "version": { + "version_data": [ + { + "version_value": "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503" - }, - { - "name" : "102475", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102475" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102475", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102475" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14576.json b/2017/14xxx/CVE-2017-14576.json index 6457c21820f..2b9a8aa1997 100644 --- a/2017/14xxx/CVE-2017-14576.json +++ b/2017/14xxx/CVE-2017-14576.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a \"Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14576", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14576" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a \"Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14576", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14576" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15268.json b/2017/15xxx/CVE-2017-15268.json index b1d69f5e7b9..0e0cf97e6d8 100644 --- a/2017/15xxx/CVE-2017-15268.json +++ b/2017/15xxx/CVE-2017-15268.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[qemu-devel] 20171010 [PATCH v1 1/7] io: monitor encoutput buffer size from websocket GSource", - "refsource" : "MLIST", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html" - }, - { - "name" : "https://bugs.launchpad.net/qemu/+bug/1718964", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/qemu/+bug/1718964" - }, - { - "name" : "DSA-4213", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4213" - }, - { - "name" : "RHSA-2018:0816", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0816" - }, - { - "name" : "RHSA-2018:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1104" - }, - { - "name" : "USN-3575-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3575-1/" - }, - { - "name" : "101277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4213", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4213" + }, + { + "name": "RHSA-2018:0816", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0816" + }, + { + "name": "101277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101277" + }, + { + "name": "RHSA-2018:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1104" + }, + { + "name": "https://bugs.launchpad.net/qemu/+bug/1718964", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/qemu/+bug/1718964" + }, + { + "name": "USN-3575-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3575-1/" + }, + { + "name": "[qemu-devel] 20171010 [PATCH v1 1/7] io: monitor encoutput buffer size from websocket GSource", + "refsource": "MLIST", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15461.json b/2017/15xxx/CVE-2017-15461.json index 1998c84bf66..6e9039ee332 100644 --- a/2017/15xxx/CVE-2017-15461.json +++ b/2017/15xxx/CVE-2017-15461.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15461", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15461", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9255.json b/2017/9xxx/CVE-2017-9255.json index cb42585a46d..824ad22a75d 100644 --- a/2017/9xxx/CVE-2017-9255.json +++ b/2017/9xxx/CVE-2017-9255.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jun/32", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jun/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jun/32", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jun/32" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9665.json b/2017/9xxx/CVE-2017-9665.json index 0931272a2b1..08965864b26 100644 --- a/2017/9xxx/CVE-2017-9665.json +++ b/2017/9xxx/CVE-2017-9665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0209.json b/2018/0xxx/CVE-2018-0209.json index 051db3cdc66..ecccb582056 100644 --- a/2018/0xxx/CVE-2018-0209.json +++ b/2018/0xxx/CVE-2018-0209.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco 550X Series Stackable Managed Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco 550X Series Stackable Managed Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco 550X Series Stackable Managed Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco 550X Series Stackable Managed Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x" - }, - { - "name" : "103406", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device nay need to be manually reloaded to recover. The vulnerability is due to lack of proper input throttling of ingress SNMP traffic over an internal interface. An attacker could exploit this vulnerability by sending a crafted, heavy stream of SNMP traffic to the targeted device. An exploit could allow the attacker to cause the device to reload unexpectedly, causing a DoS condition. Cisco Bug IDs: CSCvg22135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103406", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103406" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-550x" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0222.json b/2018/0xxx/CVE-2018-0222.json index d1bd7e6be9d..5adaf2c8cdf 100644 --- a/2018/0xxx/CVE-2018-0222.json +++ b/2018/0xxx/CVE-2018-0222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Digital Network Architecture Center", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Digital Network Architecture Center" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-798" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Digital Network Architecture Center", + "version": { + "version_data": [ + { + "version_value": "Cisco Digital Network Architecture Center" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac" - }, - { - "name" : "104193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to log in to an affected system by using an administrative account that has default, static user credentials. The vulnerability is due to the presence of undocumented, static user credentials for the default administrative account for the affected software. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands with root privileges. This vulnerability affects all releases of Cisco DNA Center Software prior to Release 1.1.3. Cisco Bug IDs: CSCvh98929." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104193" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-dnac" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000007.json b/2018/1000xxx/CVE-2018-1000007.json index 04e507fedfe..65c400e8c84 100644 --- a/2018/1000xxx/CVE-2018-1000007.json +++ b/2018/1000xxx/CVE-2018-1000007.json @@ -1,99 +1,99 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2018-01-22", - "ID" : "CVE-2018-1000007", - "REQUESTER" : "daniel@haxx.se", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libcurl", - "version" : { - "version_data" : [ - { - "version_value" : "7.1 through 7.57.0" - } - ] - } - } - ] - }, - "vendor_name" : "libcurl" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-201" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-01-22", + "ID": "CVE-2018-1000007", + "REQUESTER": "daniel@haxx.se", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180129 [SECURITY] [DLA 1263-1] curl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html" - }, - { - "name" : "https://curl.haxx.se/docs/adv_2018-b3bf.html", - "refsource" : "CONFIRM", - "url" : "https://curl.haxx.se/docs/adv_2018-b3bf.html" - }, - { - "name" : "DSA-4098", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4098" - }, - { - "name" : "RHSA-2018:3157", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3157" - }, - { - "name" : "RHSA-2018:3558", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3558" - }, - { - "name" : "USN-3554-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3554-2/" - }, - { - "name" : "USN-3554-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3554-1/" - }, - { - "name" : "1040274", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3554-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3554-2/" + }, + { + "name": "USN-3554-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3554-1/" + }, + { + "name": "RHSA-2018:3558", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "name": "DSA-4098", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4098" + }, + { + "name": "https://curl.haxx.se/docs/adv_2018-b3bf.html", + "refsource": "CONFIRM", + "url": "https://curl.haxx.se/docs/adv_2018-b3bf.html" + }, + { + "name": "1040274", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040274" + }, + { + "name": "RHSA-2018:3157", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3157" + }, + { + "name": "[debian-lts-announce] 20180129 [SECURITY] [DLA 1263-1] curl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00038.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000127.json b/2018/1000xxx/CVE-2018-1000127.json index b1a4908945a..e7cc9e825b9 100644 --- a/2018/1000xxx/CVE-2018-1000127.json +++ b/2018/1000xxx/CVE-2018-1000127.json @@ -1,94 +1,94 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "3/8/2018 0:33:22", - "ID" : "CVE-2018-1000127", - "REQUESTER" : "dormando@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "memcached", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 1.4.37" - } - ] - } - } - ] - }, - "vendor_name" : "memcached" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Integer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "3/8/2018 0:33:22", + "ID": "CVE-2018-1000127", + "REQUESTER": "dormando@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1329-1] memcached security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html" - }, - { - "name" : "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00", - "refsource" : "CONFIRM", - "url" : "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00" - }, - { - "name" : "https://github.com/memcached/memcached/issues/271", - "refsource" : "CONFIRM", - "url" : "https://github.com/memcached/memcached/issues/271" - }, - { - "name" : "https://github.com/memcached/memcached/wiki/ReleaseNotes1437", - "refsource" : "CONFIRM", - "url" : "https://github.com/memcached/memcached/wiki/ReleaseNotes1437" - }, - { - "name" : "DSA-4218", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4218" - }, - { - "name" : "RHSA-2018:2290", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2290" - }, - { - "name" : "USN-3601-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3601-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2290", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2290" + }, + { + "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1329-1] memcached security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00031.html" + }, + { + "name": "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00", + "refsource": "CONFIRM", + "url": "https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00" + }, + { + "name": "USN-3601-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3601-1/" + }, + { + "name": "DSA-4218", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4218" + }, + { + "name": "https://github.com/memcached/memcached/wiki/ReleaseNotes1437", + "refsource": "CONFIRM", + "url": "https://github.com/memcached/memcached/wiki/ReleaseNotes1437" + }, + { + "name": "https://github.com/memcached/memcached/issues/271", + "refsource": "CONFIRM", + "url": "https://github.com/memcached/memcached/issues/271" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000851.json b/2018/1000xxx/CVE-2018-1000851.json index 594be735778..e029a139a72 100644 --- a/2018/1000xxx/CVE-2018-1000851.json +++ b/2018/1000xxx/CVE-2018-1000851.json @@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.490711", - "DATE_REQUESTED" : "2018-11-27T14:18:02", - "ID" : "CVE-2018-1000851", - "REQUESTER" : "matias@bitpay.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Copay Bitcoin Wallet", - "version" : { - "version_data" : [ - { - "version_value" : "5.01 to 5.1.0 included." - } - ] - } - } - ] - }, - "vendor_name" : "Copay Bitcoin Wallet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later ." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Other/Unknown" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.490711", + "DATE_REQUESTED": "2018-11-27T14:18:02", + "ID": "CVE-2018-1000851", + "REQUESTER": "matias@bitpay.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/", - "refsource" : "MISC", - "url" : "https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/" - }, - { - "name" : "https://blog.bitpay.com/npm-package-vulnerability-copay/", - "refsource" : "MISC", - "url" : "https://blog.bitpay.com/npm-package-vulnerability-copay/" - }, - { - "name" : "https://github.com/bitpay/copay/issues/9346", - "refsource" : "MISC", - "url" : "https://github.com/bitpay/copay/issues/9346" - }, - { - "name" : "https://github.com/dominictarr/event-stream/issues/116", - "refsource" : "MISC", - "url" : "https://github.com/dominictarr/event-stream/issues/116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Copay Bitcoin Wallet version 5.01 to 5.1.0 included. contains a Other/Unknown vulnerability in wallet private key storage that can result in Users' private key can be compromised. . This attack appear to be exploitable via Affected version run the malicious code at startup . This vulnerability appears to have been fixed in 5.2.0 and later ." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dominictarr/event-stream/issues/116", + "refsource": "MISC", + "url": "https://github.com/dominictarr/event-stream/issues/116" + }, + { + "name": "https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/", + "refsource": "MISC", + "url": "https://arstechnica.com/information-technology/2018/11/hacker-backdoors-widely-used-open-source-software-to-steal-bitcoin/" + }, + { + "name": "https://blog.bitpay.com/npm-package-vulnerability-copay/", + "refsource": "MISC", + "url": "https://blog.bitpay.com/npm-package-vulnerability-copay/" + }, + { + "name": "https://github.com/bitpay/copay/issues/9346", + "refsource": "MISC", + "url": "https://github.com/bitpay/copay/issues/9346" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12195.json b/2018/12xxx/CVE-2018-12195.json index 4f41077d4cf..a7f70facecc 100644 --- a/2018/12xxx/CVE-2018-12195.json +++ b/2018/12xxx/CVE-2018-12195.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12195", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12195", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12605.json b/2018/12xxx/CVE-2018-12605.json index 1756f4382ed..d5cabe499cc 100644 --- a/2018/12xxx/CVE-2018-12605.json +++ b/2018/12xxx/CVE-2018-12605.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", - "refsource" : "CONFIRM", - "url" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/" - }, - { - "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/45168", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/45168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45168", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45168" + }, + { + "name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/", + "refsource": "CONFIRM", + "url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16236.json b/2018/16xxx/CVE-2018-16236.json index c72a5cb2f34..308e1928d7e 100644 --- a/2018/16xxx/CVE-2018-16236.json +++ b/2018/16xxx/CVE-2018-16236.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2018080093", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018080093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2018080093", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018080093" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16699.json b/2018/16xxx/CVE-2018-16699.json index b813c0e1694..cd7d089ff46 100644 --- a/2018/16xxx/CVE-2018-16699.json +++ b/2018/16xxx/CVE-2018-16699.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16699", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16699", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16942.json b/2018/16xxx/CVE-2018-16942.json index 7770d1a3228..0add2164973 100644 --- a/2018/16xxx/CVE-2018-16942.json +++ b/2018/16xxx/CVE-2018-16942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4366.json b/2018/4xxx/CVE-2018-4366.json index 869bb844bb1..41c217788c3 100644 --- a/2018/4xxx/CVE-2018-4366.json +++ b/2018/4xxx/CVE-2018-4366.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4366", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4366", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4441.json b/2018/4xxx/CVE-2018-4441.json index 0425571bae1..f3856591856 100644 --- a/2018/4xxx/CVE-2018-4441.json +++ b/2018/4xxx/CVE-2018-4441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4441", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4441", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4781.json b/2018/4xxx/CVE-2018-4781.json index 5d90a44cb10..a61e1c22183 100644 --- a/2018/4xxx/CVE-2018-4781.json +++ b/2018/4xxx/CVE-2018-4781.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4781", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4781", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4893.json b/2018/4xxx/CVE-2018-4893.json index 4a87ba44141..8027b28b68a 100644 --- a/2018/4xxx/CVE-2018-4893.json +++ b/2018/4xxx/CVE-2018-4893.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4896.json b/2018/4xxx/CVE-2018-4896.json index 0d4850028e6..79ec2e78a80 100644 --- a/2018/4xxx/CVE-2018-4896.json +++ b/2018/4xxx/CVE-2018-4896.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file diff --git a/2018/6xxx/CVE-2018-6517.json b/2018/6xxx/CVE-2018-6517.json index 25de2137b0e..08276328a90 100644 --- a/2018/6xxx/CVE-2018-6517.json +++ b/2018/6xxx/CVE-2018-6517.json @@ -1,18 +1,60 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-6517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-6517", + "ASSIGNER": "security@puppet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Puppet", + "product": { + "product_data": [ + { + "product_name": "Chloride", + "version": { + "version_data": [ + { + "version_value": "prior to 0.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": { + "lang": "eng", + "value": "Improper handling of known_hosts file" + } + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://puppet.com/security/cve/CVE-2018-6517", + "url": "https://puppet.com/security/cve/CVE-2018-6517" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride." + } + ] + } +} \ No newline at end of file