From 70f90af0d46ee73d04e308e65969699c1ead1357 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:57:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0222.json | 170 +++++++++++++------------- 2003/1xxx/CVE-2003-1228.json | 170 +++++++++++++------------- 2003/1xxx/CVE-2003-1432.json | 190 ++++++++++++++--------------- 2004/0xxx/CVE-2004-0346.json | 140 +++++++++++----------- 2004/0xxx/CVE-2004-0375.json | 190 ++++++++++++++--------------- 2004/0xxx/CVE-2004-0808.json | 200 +++++++++++++++---------------- 2004/0xxx/CVE-2004-0862.json | 34 +++--- 2004/0xxx/CVE-2004-0929.json | 150 +++++++++++------------ 2004/1xxx/CVE-2004-1902.json | 180 ++++++++++++++-------------- 2004/2xxx/CVE-2004-2074.json | 140 +++++++++++----------- 2004/2xxx/CVE-2004-2338.json | 140 +++++++++++----------- 2004/2xxx/CVE-2004-2531.json | 180 ++++++++++++++-------------- 2008/2xxx/CVE-2008-2098.json | 180 ++++++++++++++-------------- 2008/2xxx/CVE-2008-2280.json | 140 +++++++++++----------- 2008/2xxx/CVE-2008-2720.json | 180 ++++++++++++++-------------- 2008/2xxx/CVE-2008-2884.json | 160 ++++++++++++------------- 2008/6xxx/CVE-2008-6028.json | 150 +++++++++++------------ 2008/6xxx/CVE-2008-6183.json | 160 ++++++++++++------------- 2008/6xxx/CVE-2008-6901.json | 150 +++++++++++------------ 2012/1xxx/CVE-2012-1298.json | 34 +++--- 2012/1xxx/CVE-2012-1684.json | 150 +++++++++++------------ 2012/5xxx/CVE-2012-5250.json | 150 +++++++++++------------ 2012/5xxx/CVE-2012-5473.json | 150 +++++++++++------------ 2012/5xxx/CVE-2012-5631.json | 34 +++--- 2012/5xxx/CVE-2012-5681.json | 34 +++--- 2012/5xxx/CVE-2012-5877.json | 170 +++++++++++++------------- 2017/11xxx/CVE-2017-11188.json | 130 ++++++++++---------- 2017/11xxx/CVE-2017-11211.json | 160 ++++++++++++------------- 2017/11xxx/CVE-2017-11713.json | 34 +++--- 2017/11xxx/CVE-2017-11783.json | 142 +++++++++++----------- 2017/3xxx/CVE-2017-3049.json | 140 +++++++++++----------- 2017/3xxx/CVE-2017-3097.json | 140 +++++++++++----------- 2017/3xxx/CVE-2017-3705.json | 34 +++--- 2017/7xxx/CVE-2017-7569.json | 120 +++++++++---------- 2017/8xxx/CVE-2017-8388.json | 120 +++++++++---------- 2017/8xxx/CVE-2017-8452.json | 120 +++++++++---------- 2017/8xxx/CVE-2017-8615.json | 34 +++--- 2017/8xxx/CVE-2017-8786.json | 160 ++++++++++++------------- 2017/8xxx/CVE-2017-8858.json | 130 ++++++++++---------- 2018/10xxx/CVE-2018-10513.json | 130 ++++++++++---------- 2018/10xxx/CVE-2018-10862.json | 210 ++++++++++++++++----------------- 2018/10xxx/CVE-2018-10896.json | 160 ++++++++++++------------- 2018/10xxx/CVE-2018-10960.json | 34 +++--- 2018/12xxx/CVE-2018-12527.json | 34 +++--- 2018/12xxx/CVE-2018-12778.json | 140 +++++++++++----------- 2018/12xxx/CVE-2018-12936.json | 34 +++--- 2018/12xxx/CVE-2018-12962.json | 34 +++--- 2018/13xxx/CVE-2018-13139.json | 140 +++++++++++----------- 2018/13xxx/CVE-2018-13187.json | 130 ++++++++++---------- 2018/13xxx/CVE-2018-13507.json | 130 ++++++++++---------- 2018/13xxx/CVE-2018-13558.json | 130 ++++++++++---------- 2018/13xxx/CVE-2018-13657.json | 130 ++++++++++---------- 2018/16xxx/CVE-2018-16706.json | 120 +++++++++---------- 2018/17xxx/CVE-2018-17891.json | 122 +++++++++---------- 2018/17xxx/CVE-2018-17979.json | 34 +++--- 55 files changed, 3451 insertions(+), 3451 deletions(-) diff --git a/2003/0xxx/CVE-2003-0222.json b/2003/0xxx/CVE-2003-0222.json index c51be5d1982..7429256a650 100644 --- a/2003/0xxx/CVE-2003-0222.json +++ b/2003/0xxx/CVE-2003-0222.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105162831008176&w=2" - }, - { - "name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105163376015735&w=2" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf" - }, - { - "name" : "N-085", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-085.shtml" - }, - { - "name" : "7453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7453" - }, - { - "name" : "oracle-database-link-bo(11885)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105162831008176&w=2" + }, + { + "name": "N-085", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-085.shtml" + }, + { + "name": "oracle-database-link-bo(11885)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf" + }, + { + "name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105163376015735&w=2" + }, + { + "name": "7453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7453" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1228.json b/2003/1xxx/CVE-2003-1228.json index 04904ec9b1e..4a3be9e2154 100644 --- a/2003/1xxx/CVE-2003-1228.json +++ b/2003/1xxx/CVE-2003-1228.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107064887507504&w=2" - }, - { - "name" : "20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107090601705839&w=2" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html" - }, - { - "name" : "9871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9871" - }, - { - "name" : "10385", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10385/" - }, - { - "name" : "mathopd-preparereply-bo(15474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107090601705839&w=2" + }, + { + "name": "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html" + }, + { + "name": "10385", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10385/" + }, + { + "name": "20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107064887507504&w=2" + }, + { + "name": "9871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9871" + }, + { + "name": "mathopd-preparereply-bo(15474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15474" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1432.json b/2003/1xxx/CVE-2003-1432.json index 7f905bde63f..affc4436bb0 100644 --- a/2003/1xxx/CVE-2003-1432.json +++ b/2003/1xxx/CVE-2003-1432.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030205 Unreal engine: results of my research", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html" - }, - { - "name" : "20030211 Re: Epic Games threatens to sue security researchers", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html" - }, - { - "name" : "20030513 UT2003 client passive DoS exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html" - }, - { - "name" : "6770", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6770" - }, - { - "name" : "6772", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6772" - }, - { - "name" : "ut-packet-dos(11302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11302" - }, - { - "name" : "ut-negative-memory-corruption(11305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11305" - }, - { - "name" : "ut-negative-udp-dos(12012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ut-packet-dos(11302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11302" + }, + { + "name": "ut-negative-memory-corruption(11305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11305" + }, + { + "name": "6770", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6770" + }, + { + "name": "6772", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6772" + }, + { + "name": "20030205 Unreal engine: results of my research", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html" + }, + { + "name": "20030211 Re: Epic Games threatens to sue security researchers", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html" + }, + { + "name": "ut-negative-udp-dos(12012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12012" + }, + { + "name": "20030513 UT2003 client passive DoS exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0346.json b/2004/0xxx/CVE-2004-0346.json index 04f6615a4c0..a9f495f555c 100644 --- a/2004/0xxx/CVE-2004-0346.json +++ b/2004/0xxx/CVE-2004-0346.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040302 The Cult of a Cardinal Number", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107824679817240&w=2" - }, - { - "name" : "proftpd-offbyone-bo(15387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387" - }, - { - "name" : "9782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040302 The Cult of a Cardinal Number", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107824679817240&w=2" + }, + { + "name": "9782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9782" + }, + { + "name": "proftpd-offbyone-bo(15387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0375.json b/2004/0xxx/CVE-2004-0375.json index ff3c0f2246f..86f3b7e80b2 100644 --- a/2004/0xxx/CVE-2004-0375.json +++ b/2004/0xxx/CVE-2004-0375.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108275582432246&w=2" - }, - { - "name" : "http://www.eeye.com/html/Research/Upcoming/20040309.html", - "refsource" : "MISC", - "url" : "http://www.eeye.com/html/Research/Upcoming/20040309.html" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2004.04.20.html" - }, - { - "name" : "9912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9912" - }, - { - "name" : "1009379", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009379" - }, - { - "name" : "1009380", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009380" - }, - { - "name" : "norton-firewalls-dos(15433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433" - }, - { - "name" : "symantec-firewall-tcp-dos(15936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009379", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009379" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html" + }, + { + "name": "1009380", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009380" + }, + { + "name": "norton-firewalls-dos(15433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433" + }, + { + "name": "symantec-firewall-tcp-dos(15936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936" + }, + { + "name": "http://www.eeye.com/html/Research/Upcoming/20040309.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/Research/Upcoming/20040309.html" + }, + { + "name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2" + }, + { + "name": "9912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9912" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0808.json b/2004/0xxx/CVE-2004-0808.json index f890784a237..207f87084ef 100644 --- a/2004/0xxx/CVE-2004-0808.json +++ b/2004/0xxx/CVE-2004-0808.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0808", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0808", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040913 Samba nmbd Invalid Length Denial of Service Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities" - }, - { - "name" : "20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109509335230495&w=2" - }, - { - "name" : "CLA-2004:873", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873" - }, - { - "name" : "GLSA-200409-16", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml" - }, - { - "name" : "MDKSA-2004:092", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092" - }, - { - "name" : "RHSA-2004:467", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-467.html" - }, - { - "name" : "2004-0046", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0046/" - }, - { - "name" : "20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109526231623307&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:10344", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0046", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0046/" + }, + { + "name": "RHSA-2004:467", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-467.html" + }, + { + "name": "20040913 Samba nmbd Invalid Length Denial of Service Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities" + }, + { + "name": "20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109509335230495&w=2" + }, + { + "name": "20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109526231623307&w=2" + }, + { + "name": "CLA-2004:873", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873" + }, + { + "name": "MDKSA-2004:092", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092" + }, + { + "name": "oval:org.mitre.oval:def:10344", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344" + }, + { + "name": "GLSA-200409-16", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0862.json b/2004/0xxx/CVE-2004-0862.json index 30b69885c73..ff8dd25b91c 100644 --- a/2004/0xxx/CVE-2004-0862.json +++ b/2004/0xxx/CVE-2004-0862.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0862", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0862", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0929.json b/2004/0xxx/CVE-2004-0929.json index 6862a9030f2..586b07d4731 100644 --- a/2004/0xxx/CVE-2004-0929.json +++ b/2004/0xxx/CVE-2004-0929.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0929", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=154&type=vulnerabilities" - }, - { - "name" : "VU#129910", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/129910" - }, - { - "name" : "SUSE-SA:2004:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" - }, - { - "name" : "libtiff-ojpegvsetfield-bo(17843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041022 Novell SuSe Linux LibTIFF Heap Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=154&type=vulnerabilities" + }, + { + "name": "SUSE-SA:2004:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" + }, + { + "name": "libtiff-ojpegvsetfield-bo(17843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17843" + }, + { + "name": "VU#129910", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/129910" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1902.json b/2004/1xxx/CVE-2004-1902.json index c123dac1c71..968f81a6130 100644 --- a/2004/1xxx/CVE-2004-1902.json +++ b/2004/1xxx/CVE-2004-1902.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040406 Foundstone Labs Advisory: Citrix MetaFrame Password Manager 2.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108127948610311&w=2" - }, - { - "name" : "http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256" - }, - { - "name" : "10049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10049" - }, - { - "name" : "4942", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4942" - }, - { - "name" : "1009659", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009659" - }, - { - "name" : "11293", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11293" - }, - { - "name" : "metaframe-wizard-info-disclosure(15737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/kb/entry.jspa?entryID=4062&categoryID=256" + }, + { + "name": "4942", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4942" + }, + { + "name": "1009659", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009659" + }, + { + "name": "10049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10049" + }, + { + "name": "metaframe-wizard-info-disclosure(15737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15737" + }, + { + "name": "11293", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11293" + }, + { + "name": "20040406 Foundstone Labs Advisory: Citrix MetaFrame Password Manager 2.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108127948610311&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2074.json b/2004/2xxx/CVE-2004-2074.json index 453db8bb550..dd9ade80d9c 100644 --- a/2004/2xxx/CVE-2004-2074.json +++ b/2004/2xxx/CVE-2004-2074.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9800", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9800" - }, - { - "name" : "1009295", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009295" - }, - { - "name" : "dreamftp-command-format-string(15380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dreamftp-command-format-string(15380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15380" + }, + { + "name": "1009295", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009295" + }, + { + "name": "9800", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9800" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2338.json b/2004/2xxx/CVE-2004-2338.json index a04ef39543d..d4779b4a082 100644 --- a/2004/2xxx/CVE-2004-2338.json +++ b/2004/2xxx/CVE-2004-2338.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openbsd.org/errata33.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata33.html" - }, - { - "name" : "http://www.openbsd.org/errata34.html", - "refsource" : "CONFIRM", - "url" : "http://www.openbsd.org/errata34.html" - }, - { - "name" : "9867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openbsd.org/errata34.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata34.html" + }, + { + "name": "9867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9867" + }, + { + "name": "http://www.openbsd.org/errata33.html", + "refsource": "CONFIRM", + "url": "http://www.openbsd.org/errata33.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2531.json b/2004/2xxx/CVE-2004-2531.json index 5fa054355f5..d996ce2f3e1 100644 --- a/2004/2xxx/CVE-2004-2531.json +++ b/2004/2xxx/CVE-2004-2531.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hornik.sk/SA/SA-20040802.txt", - "refsource" : "MISC", - "url" : "http://www.hornik.sk/SA/SA-20040802.txt" - }, - { - "name" : "[gnutls-dev] 20040802 gnutls 1.0.17", - "refsource" : "MLIST", - "url" : "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" - }, - { - "name" : "10839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10839" - }, - { - "name" : "8278", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8278" - }, - { - "name" : "1010838", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010838" - }, - { - "name" : "12156", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12156" - }, - { - "name" : "gnutls-rsa-key-size-dos(16858)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010838", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010838" + }, + { + "name": "8278", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8278" + }, + { + "name": "http://www.hornik.sk/SA/SA-20040802.txt", + "refsource": "MISC", + "url": "http://www.hornik.sk/SA/SA-20040802.txt" + }, + { + "name": "gnutls-rsa-key-size-dos(16858)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16858" + }, + { + "name": "10839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10839" + }, + { + "name": "[gnutls-dev] 20040802 gnutls 1.0.17", + "refsource": "MLIST", + "url": "http://lists.gnupg.org/pipermail/gnutls-dev/2004-August/000703.html" + }, + { + "name": "12156", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12156" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2098.json b/2008/2xxx/CVE-2008-2098.json index 1da4253fdf8..14988db5467 100644 --- a/2008/2xxx/CVE-2008-2098.json +++ b/2008/2xxx/CVE-2008-2098.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492831/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0008.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0008.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "1020148", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020148" - }, - { - "name" : "30476", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30476" - }, - { - "name" : "ADV-2008-1707", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1707/references" - }, - { - "name" : "vmware-hgfs-bo(42753)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0008.html" + }, + { + "name": "vmware-hgfs-bo(42753)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42753" + }, + { + "name": "1020148", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020148" + }, + { + "name": "20080530 VMSA-2008-0008 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492831/100/0/threaded" + }, + { + "name": "ADV-2008-1707", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1707/references" + }, + { + "name": "30476", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30476" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2280.json b/2008/2xxx/CVE-2008-2280.json index c46c089b4b5..8f38b727eb8 100644 --- a/2008/2xxx/CVE-2008-2280.json +++ b/2008/2xxx/CVE-2008-2280.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/29214/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/29214/exploit" - }, - { - "name" : "29214", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29214" - }, - { - "name" : "picsengine-index-xss(42421)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin/index.php in Script PHP PicEngine 1.0 allows remote attackers to inject arbitrary web script or HTML via the l parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "picsengine-index-xss(42421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42421" + }, + { + "name": "29214", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29214" + }, + { + "name": "http://www.securityfocus.com/bid/29214/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/29214/exploit" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2720.json b/2008/2xxx/CVE-2008-2720.json index 644e914b1ce..e1b24a86508 100644 --- a/2008/2xxx/CVE-2008-2720.json +++ b/2008/2xxx/CVE-2008-2720.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.menalto.com/gallery_2.2.5_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_2.2.5_released" - }, - { - "name" : "FEDORA-2008-5479", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html" - }, - { - "name" : "FEDORA-2008-5576", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html" - }, - { - "name" : "29681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29681" - }, - { - "name" : "30650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30650" - }, - { - "name" : "30826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30826" - }, - { - "name" : "gallery-unspecified-scripts-xss(43024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gallery-unspecified-scripts-xss(43024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43024" + }, + { + "name": "30650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30650" + }, + { + "name": "30826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30826" + }, + { + "name": "http://gallery.menalto.com/gallery_2.2.5_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_2.2.5_released" + }, + { + "name": "FEDORA-2008-5479", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html" + }, + { + "name": "FEDORA-2008-5576", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html" + }, + { + "name": "29681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29681" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2884.json b/2008/2xxx/CVE-2008-2884.json index ed58fcbb3d7..71c6f78509c 100644 --- a/2008/2xxx/CVE-2008-2884.json +++ b/2008/2xxx/CVE-2008-2884.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080625 RSS-aggregator (display) Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493650/100/0/threaded" - }, - { - "name" : "5900", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5900" - }, - { - "name" : "29873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29873" - }, - { - "name" : "30768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30768" - }, - { - "name" : "rssaggregator-display-file-include(43283)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43283" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30768" + }, + { + "name": "5900", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5900" + }, + { + "name": "20080625 RSS-aggregator (display) Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493650/100/0/threaded" + }, + { + "name": "29873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29873" + }, + { + "name": "rssaggregator-display-file-include(43283)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43283" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6028.json b/2008/6xxx/CVE-2008-6028.json index 784619400fe..bcdf75a0e62 100644 --- a/2008/6xxx/CVE-2008-6028.json +++ b/2008/6xxx/CVE-2008-6028.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6028", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6028", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6535", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6535" - }, - { - "name" : "31324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31324" - }, - { - "name" : "ADV-2008-2652", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2652" - }, - { - "name" : "fez-list-sql-injection(45332)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45332" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2652", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2652" + }, + { + "name": "fez-list-sql-injection(45332)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45332" + }, + { + "name": "6535", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6535" + }, + { + "name": "31324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31324" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6183.json b/2008/6xxx/CVE-2008-6183.json index 0b0a6aeaa8e..c5c0b3802eb 100644 --- a/2008/6xxx/CVE-2008-6183.json +++ b/2008/6xxx/CVE-2008-6183.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6740", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6740" - }, - { - "name" : "31726", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31726" - }, - { - "name" : "ADV-2008-2796", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2796" - }, - { - "name" : "32215", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32215" - }, - { - "name" : "myphpindexer-index-directory-traversal(45830)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6740", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6740" + }, + { + "name": "myphpindexer-index-directory-traversal(45830)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45830" + }, + { + "name": "32215", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32215" + }, + { + "name": "31726", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31726" + }, + { + "name": "ADV-2008-2796", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2796" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6901.json b/2008/6xxx/CVE-2008-6901.json index 9e03adfad4e..92b3906065d 100644 --- a/2008/6xxx/CVE-2008-6901.json +++ b/2008/6xxx/CVE-2008-6901.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7510", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7510" - }, - { - "name" : "32911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32911" - }, - { - "name" : "26585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26585" - }, - { - "name" : "2532gigs-language-file-include(47465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs 1.2.2 Stable, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) settings.php, (2) deleteuser.php, (3) mini_calendar.php, (4) manage_venues.php, and (5) manage_gigs.php, a different vector than CVE-2007-4585." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7510", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7510" + }, + { + "name": "32911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32911" + }, + { + "name": "2532gigs-language-file-include(47465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47465" + }, + { + "name": "26585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26585" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1298.json b/2012/1xxx/CVE-2012-1298.json index 82fcecee46e..239911b3f97 100644 --- a/2012/1xxx/CVE-2012-1298.json +++ b/2012/1xxx/CVE-2012-1298.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1298", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1298", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1684.json b/2012/1xxx/CVE-2012-1684.json index 325180f8a17..5fbd20d9f34 100644 --- a/2012/1xxx/CVE-2012-1684.json +++ b/2012/1xxx/CVE-2012-1684.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026940" - }, - { - "name" : "48809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026940" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48809" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5250.json b/2012/5xxx/CVE-2012-5250.json index 1f4c12771ac..4aa0a87908c 100644 --- a/2012/5xxx/CVE-2012-5250.json +++ b/2012/5xxx/CVE-2012-5250.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86027", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86027" - }, - { - "name" : "adobe-cve20125250-bo(79071)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79071" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "adobe-cve20125250-bo(79071)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79071" + }, + { + "name": "86027", + "refsource": "OSVDB", + "url": "http://osvdb.org/86027" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5473.json b/2012/5xxx/CVE-2012-5473.json index 14164e2475c..808743b0dbb 100644 --- a/2012/5xxx/CVE-2012-5473.json +++ b/2012/5xxx/CVE-2012-5473.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121119 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/11/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=216157", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=216157" - }, - { - "name" : "56505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=216157", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=216157" + }, + { + "name": "56505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56505" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448" + }, + { + "name": "[oss-security] 20121119 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/11/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5631.json b/2012/5xxx/CVE-2012-5631.json index de0ed929274..40e65756af7 100644 --- a/2012/5xxx/CVE-2012-5631.json +++ b/2012/5xxx/CVE-2012-5631.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5631", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5631", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5681.json b/2012/5xxx/CVE-2012-5681.json index 9647c6d6976..062b07de864 100644 --- a/2012/5xxx/CVE-2012-5681.json +++ b/2012/5xxx/CVE-2012-5681.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5681", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5681", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5877.json b/2012/5xxx/CVE-2012-5877.json index 7c3dc27e344..e5b584bc242 100644 --- a/2012/5xxx/CVE-2012-5877.json +++ b/2012/5xxx/CVE-2012-5877.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html" - }, - { - "name" : "24022", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/24022" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23130", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23130" - }, - { - "name" : "57253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57253" - }, - { - "name" : "89151", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89151" - }, - { - "name" : "mediahome-httphost-dos(81107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mediahome-httphost-dos(81107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81107" + }, + { + "name": "57253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57253" + }, + { + "name": "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html" + }, + { + "name": "89151", + "refsource": "OSVDB", + "url": "http://osvdb.org/89151" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23130", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23130" + }, + { + "name": "24022", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/24022" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11188.json b/2017/11xxx/CVE-2017-11188.json index 56c7e924ceb..9527404329f 100644 --- a/2017/11xxx/CVE-2017-11188.json +++ b/2017/11xxx/CVE-2017-11188.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/509", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/509" - }, - { - "name" : "99566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadDPXImage function in coders\\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99566" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/509", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/509" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11211.json b/2017/11xxx/CVE-2017-11211.json index 80a2fadab62..4460df9da33 100644 --- a/2017/11xxx/CVE-2017-11211.json +++ b/2017/11xxx/CVE-2017-11211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100180" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100180" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11713.json b/2017/11xxx/CVE-2017-11713.json index 93b92bdce20..53ce6593240 100644 --- a/2017/11xxx/CVE-2017-11713.json +++ b/2017/11xxx/CVE-2017-11713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11783.json b/2017/11xxx/CVE-2017-11783.json index d1e627d4667..7823e1e2b3b 100644 --- a/2017/11xxx/CVE-2017-11783.json +++ b/2017/11xxx/CVE-2017-11783.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11783", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11783", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11783", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11783" - }, - { - "name" : "101144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101144" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11783", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11783" + }, + { + "name": "101144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101144" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3049.json b/2017/3xxx/CVE-2017-3049.json index 1f10cda605d..7359e1dd3f3 100644 --- a/2017/3xxx/CVE-2017-3049.json +++ b/2017/3xxx/CVE-2017-3049.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97549", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97549" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97549", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97549" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3097.json b/2017/3xxx/CVE-2017-3097.json index 2d8c4ae7822..62ff3ea70b3 100644 --- a/2017/3xxx/CVE-2017-3097.json +++ b/2017/3xxx/CVE-2017-3097.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.4 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.4 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Library Loading (DLL hijacking)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.4 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.4 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" - }, - { - "name" : "99024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99024" - }, - { - "name" : "1038658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The vulnerability is due to unsafe library loading functions in the installer plugin. A successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Library Loading (DLL hijacking)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99024" + }, + { + "name": "1038658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038658" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3705.json b/2017/3xxx/CVE-2017-3705.json index f8636e8546e..49f3eb8994d 100644 --- a/2017/3xxx/CVE-2017-3705.json +++ b/2017/3xxx/CVE-2017-3705.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3705", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3705", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7569.json b/2017/7xxx/CVE-2017-7569.json index de9fdf131fa..e8e9689fad0 100644 --- a/2017/7xxx/CVE-2017-7569.json +++ b/2017/7xxx/CVE-2017-7569.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available", - "refsource" : "CONFIRM", - "url" : "https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available", + "refsource": "CONFIRM", + "url": "https://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4367744-vbulletin-5-3-0-connect-is-now-available" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8388.json b/2017/8xxx/CVE-2017-8388.json index df1c7142c2d..99eb8ace390 100644 --- a/2017/8xxx/CVE-2017-8388.json +++ b/2017/8xxx/CVE-2017-8388.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/72", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/72" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/72", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/72" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8452.json b/2017/8xxx/CVE-2017-8452.json index 8f60d4b6ee2..33d8250d030 100644 --- a/2017/8xxx/CVE-2017-8452.json +++ b/2017/8xxx/CVE-2017-8452.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "before 5.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "before 5.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8615.json b/2017/8xxx/CVE-2017-8615.json index 28fa3d81d2f..876b1a00e6a 100644 --- a/2017/8xxx/CVE-2017-8615.json +++ b/2017/8xxx/CVE-2017-8615.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8615", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8615", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8786.json b/2017/8xxx/CVE-2017-8786.json index 4033ce31aae..d7dadc15779 100644 --- a/2017/8xxx/CVE-2017-8786.json +++ b/2017/8xxx/CVE-2017-8786.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8786", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/" - }, - { - "name" : "https://bugs.exim.org/show_bug.cgi?id=2079", - "refsource" : "MISC", - "url" : "https://bugs.exim.org/show_bug.cgi?id=2079" - }, - { - "name" : "https://vcs.pcre.org/pcre2?view=revision&revision=696", - "refsource" : "MISC", - "url" : "https://vcs.pcre.org/pcre2?view=revision&revision=696" - }, - { - "name" : "https://vcs.pcre.org/pcre2?view=revision&revision=697", - "refsource" : "MISC", - "url" : "https://vcs.pcre.org/pcre2?view=revision&revision=697" - }, - { - "name" : "GLSA-201710-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-09" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201710-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-09" + }, + { + "name": "https://vcs.pcre.org/pcre2?view=revision&revision=697", + "refsource": "MISC", + "url": "https://vcs.pcre.org/pcre2?view=revision&revision=697" + }, + { + "name": "https://vcs.pcre.org/pcre2?view=revision&revision=696", + "refsource": "MISC", + "url": "https://vcs.pcre.org/pcre2?view=revision&revision=696" + }, + { + "name": "https://bugs.exim.org/show_bug.cgi?id=2079", + "refsource": "MISC", + "url": "https://bugs.exim.org/show_bug.cgi?id=2079" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8858.json b/2017/8xxx/CVE-2017-8858.json index 5a0041e8f41..c839a800fd3 100644 --- a/2017/8xxx/CVE-2017-8858.json +++ b/2017/8xxx/CVE-2017-8858.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3" - }, - { - "name" : "98381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier, there is unauthenticated privileged remote file write using the 'bprd' process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-004.html#Issue3" + }, + { + "name": "98381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98381" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10513.json b/2018/10xxx/CVE-2018-10513.json index 6172d4853c6..6d3630e49d9 100644 --- a/2018/10xxx/CVE-2018-10513.json +++ b/2018/10xxx/CVE-2018-10513.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Security (Consumer)", - "version" : { - "version_data" : [ - { - "version_value" : "12.0 (2018)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "12.0 (2018)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-961/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-961/" - }, - { - "name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx", - "refsource" : "CONFIRM", - "url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Deserialization of Untrusted Data Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx", + "refsource": "CONFIRM", + "url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-961/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-961/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10862.json b/2018/10xxx/CVE-2018-10862.json index 25887abe246..18326c11d5b 100644 --- a/2018/10xxx/CVE-2018-10862.json +++ b/2018/10xxx/CVE-2018-10862.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2018-10862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://snyk.io/research/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://snyk.io/research/zip-slip-vulnerability" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" - }, - { - "name" : "RHSA-2018:2276", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2276" - }, - { - "name" : "RHSA-2018:2277", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2277" - }, - { - "name" : "RHSA-2018:2279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2279" - }, - { - "name" : "RHSA-2018:2423", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2423" - }, - { - "name" : "RHSA-2018:2424", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2424" - }, - { - "name" : "RHSA-2018:2425", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2425" - }, - { - "name" : "RHSA-2018:2428", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2428" - }, - { - "name" : "RHSA-2018:2643", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://snyk.io/research/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://snyk.io/research/zip-slip-vulnerability" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10862" + }, + { + "name": "RHSA-2018:2428", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2428" + }, + { + "name": "RHSA-2018:2643", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2643" + }, + { + "name": "RHSA-2018:2279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2279" + }, + { + "name": "RHSA-2018:2424", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2424" + }, + { + "name": "RHSA-2018:2276", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2276" + }, + { + "name": "RHSA-2018:2423", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2423" + }, + { + "name": "RHSA-2018:2425", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2425" + }, + { + "name": "RHSA-2018:2277", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2277" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10896.json b/2018/10xxx/CVE-2018-10896.json index 08f00d6e50b..cdd55772319 100644 --- a/2018/10xxx/CVE-2018-10896.json +++ b/2018/10xxx/CVE-2018-10896.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psampaio@redhat.com", - "ID" : "CVE-2018-10896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cloud-init", - "version" : { - "version_data" : [ - { - "version_value" : "0.6.2" - } - ] - } - } - ] - }, - "vendor_name" : "Canonical" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.6/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-321" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "cloud-init", + "version": { + "version_data": [ + { + "version_value": "0.6.2" + } + ] + } + } + ] + }, + "vendor_name": "Canonical" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/cloud-init/+bug/1781094", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/cloud-init/+bug/1781094" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574338", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574338" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.6/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-321" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10896" + }, + { + "name": "https://bugs.launchpad.net/cloud-init/+bug/1781094", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/cloud-init/+bug/1781094" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1574338", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574338" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10960.json b/2018/10xxx/CVE-2018-10960.json index 0b8fb7a5319..05f0b98569b 100644 --- a/2018/10xxx/CVE-2018-10960.json +++ b/2018/10xxx/CVE-2018-10960.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10960", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10960", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12527.json b/2018/12xxx/CVE-2018-12527.json index 3e00cee5e68..7b324a4283b 100644 --- a/2018/12xxx/CVE-2018-12527.json +++ b/2018/12xxx/CVE-2018-12527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12778.json b/2018/12xxx/CVE-2018-12778.json index d51c32dfd15..87fb7e24b4c 100644 --- a/2018/12xxx/CVE-2018-12778.json +++ b/2018/12xxx/CVE-2018-12778.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12778", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" - }, - { - "name" : "105358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105358" - }, - { - "name" : "1041702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" + }, + { + "name": "105358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105358" + }, + { + "name": "1041702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041702" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12936.json b/2018/12xxx/CVE-2018-12936.json index 8cda2918dd7..808c48104a8 100644 --- a/2018/12xxx/CVE-2018-12936.json +++ b/2018/12xxx/CVE-2018-12936.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12936", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12936", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12962.json b/2018/12xxx/CVE-2018-12962.json index be5dc2f73d0..722e9ad1bb6 100644 --- a/2018/12xxx/CVE-2018-12962.json +++ b/2018/12xxx/CVE-2018-12962.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12962", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12962", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13139.json b/2018/13xxx/CVE-2018-13139.json index 4816cb179e1..b0da710cdf5 100644 --- a/2018/13xxx/CVE-2018-13139.json +++ b/2018/13xxx/CVE-2018-13139.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" - }, - { - "name" : "https://github.com/erikd/libsndfile/issues/397", - "refsource" : "MISC", - "url" : "https://github.com/erikd/libsndfile/issues/397" - }, - { - "name" : "GLSA-201811-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-23" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" + }, + { + "name": "https://github.com/erikd/libsndfile/issues/397", + "refsource": "MISC", + "url": "https://github.com/erikd/libsndfile/issues/397" + }, + { + "name": "GLSA-201811-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-23" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13187.json b/2018/13xxx/CVE-2018-13187.json index a3a19f115d8..fdce70746ec 100644 --- a/2018/13xxx/CVE-2018-13187.json +++ b/2018/13xxx/CVE-2018-13187.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CIBN Live Token (CIBN LIVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CIBNLiveInteractiveToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13507.json b/2018/13xxx/CVE-2018-13507.json index 232ed45d19f..924db817696 100644 --- a/2018/13xxx/CVE-2018-13507.json +++ b/2018/13xxx/CVE-2018-13507.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SLCAdvancedToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SLCAdvancedToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SLCAdvancedToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SLCAdvancedToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13558.json b/2018/13xxx/CVE-2018-13558.json index e7945515c29..61ed8fd3494 100644 --- a/2018/13xxx/CVE-2018-13558.json +++ b/2018/13xxx/CVE-2018-13558.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/rhovit", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/rhovit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for rhovit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/rhovit", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/rhovit" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13657.json b/2018/13xxx/CVE-2018-13657.json index e4121e7177c..46d0114cb5f 100644 --- a/2018/13xxx/CVE-2018-13657.json +++ b/2018/13xxx/CVE-2018-13657.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Rice", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Rice" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Rice, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Rice", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Rice" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16706.json b/2018/16xxx/CVE-2018-16706.json index f3fc9932663..e3e86189f95 100644 --- a/2018/16xxx/CVE-2018-16706.json +++ b/2018/16xxx/CVE-2018-16706.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html", - "refsource" : "MISC", - "url" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LG SuperSign CMS allows TVs to be rebooted remotely without authentication via a direct HTTP request to /qsr_server/device/reboot on port 9080." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html", + "refsource": "MISC", + "url": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17891.json b/2018/17xxx/CVE-2018-17891.json index 5b1132f8053..351a975ee05 100644 --- a/2018/17xxx/CVE-2018-17891.json +++ b/2018/17xxx/CVE-2018-17891.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-04T00:00:00", - "ID" : "CVE-2018-17891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vue RIS", - "version" : { - "version_data" : [ - { - "version_value" : "RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5" - } - ] - } - } - ] - }, - "vendor_name" : "Carestream" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-04T00:00:00", + "ID": "CVE-2018-17891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vue RIS", + "version": { + "version_data": [ + { + "version_value": "RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5" + } + ] + } + } + ] + }, + "vendor_name": "Carestream" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE THROUGH AN ERROR MESSAGE CWE-209" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-277-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17979.json b/2018/17xxx/CVE-2018-17979.json index 059c21ad3b9..5d4a900e38d 100644 --- a/2018/17xxx/CVE-2018-17979.json +++ b/2018/17xxx/CVE-2018-17979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17979", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17979", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file