diff --git a/2003/0xxx/CVE-2003-0142.json b/2003/0xxx/CVE-2003-0142.json index 1048cb38249..1241bc35ef7 100644 --- a/2003/0xxx/CVE-2003-0142.json +++ b/2003/0xxx/CVE-2003-0142.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the \"Certified plug-ins only\" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030708 Adobe Acrobat and PDF security: no improvements for 2 years", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/328224" - }, - { - "name" : "VU#689835", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/689835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the \"Certified plug-ins only\" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030708 Adobe Acrobat and PDF security: no improvements for 2 years", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/328224" + }, + { + "name": "VU#689835", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/689835" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0236.json b/2003/0xxx/CVE-2003-0236.json index 0e3cdcfe22f..2c5a3ec681b 100644 --- a/2003/0xxx/CVE-2003-0236.json +++ b/2003/0xxx/CVE-2003-0236.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html" - }, - { - "name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10" - }, - { - "name" : "7462", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7462" - }, - { - "name" : "7463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7463" - }, - { - "name" : "icq-pop3-email-bo(11939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icq-pop3-email-bo(11939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939" + }, + { + "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html" + }, + { + "name": "7462", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7462" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10" + }, + { + "name": "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105216842131995&w=2" + }, + { + "name": "7463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7463" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0490.json b/2003/0xxx/CVE-2003-0490.json index a97d77fd840..44e75f84db1 100644 --- a/2003/0xxx/CVE-2003-0490.json +++ b/2003/0xxx/CVE-2003-0490.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105579526026992&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105579526026992&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0548.json b/2003/0xxx/CVE-2003-0548.json index e10d0bc83e5..32e211b0d7d 100644 --- a/2003/0xxx/CVE-2003-0548.json +++ b/2003/0xxx/CVE-2003-0548.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", - "refsource" : "CONFIRM", - "url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" - }, - { - "name" : "RHSA-2003:258", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html" - }, - { - "name" : "RHSA-2003:259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-259.html" - }, - { - "name" : "CLA-2003:729", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729" - }, - { - "name" : "oval:org.mitre.oval:def:113", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2003:729", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729" + }, + { + "name": "RHSA-2003:258", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-258.html" + }, + { + "name": "oval:org.mitre.oval:def:113", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113" + }, + { + "name": "RHSA-2003:259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-259.html" + }, + { + "name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html", + "refsource": "CONFIRM", + "url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1270.json b/2003/1xxx/CVE-2003-1270.json index 5b7f78d1a23..c1ce8ed33bc 100644 --- a/2003/1xxx/CVE-2003-1270.json +++ b/2003/1xxx/CVE-2003-1270.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305234" - }, - { - "name" : "an-http-script-dos(10978)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10978.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305234" + }, + { + "name": "an-http-script-dos(10978)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10978.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1390.json b/2003/1xxx/CVE-2003-1390.json index db199548331..63215c2bf57 100644 --- a/2003/1xxx/CVE-2003-1390.json +++ b/2003/1xxx/CVE-2003-1390.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311176" - }, - { - "name" : "cryptobuddy-plaintext-password-bytes(11297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11297" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cryptobuddy-plaintext-password-bytes(11297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11297" + }, + { + "name": "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311176" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1599.json b/2003/1xxx/CVE-2003-1599.json index c6a9532008a..ee464e570e4 100644 --- a/2003/1xxx/CVE-2003-1599.json +++ b/2003/1xxx/CVE-2003-1599.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2003-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/06/3" - }, - { - "name" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", - "refsource" : "MISC", - "url" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt" - }, - { - "name" : "7785", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7785" - }, - { - "name" : "4611", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4611" - }, - { - "name" : "wordpress-linksall-file-include(12205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wordpress-linksall-file-include(12205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12205" + }, + { + "name": "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt", + "refsource": "MISC", + "url": "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt" + }, + { + "name": "[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/06/3" + }, + { + "name": "7785", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7785" + }, + { + "name": "4611", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4611" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0021.json b/2004/0xxx/CVE-2004-0021.json index 23c76b18762..e4595bb9ea8 100644 --- a/2004/0xxx/CVE-2004-0021.json +++ b/2004/0xxx/CVE-2004-0021.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0021", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0021", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0166.json b/2004/0xxx/CVE-2004-0166.json index a979697f84e..8b5d1d863be 100644 --- a/2004/0xxx/CVE-2004-0166.json +++ b/2004/0xxx/CVE-2004-0166.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to \"the display of URLs in the status bar.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-02-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" - }, - { - "name" : "VU#194238", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/194238" - }, - { - "name" : "10959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10959" - }, - { - "name" : "macosx-safari-unknown(14993)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14993" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to \"the display of URLs in the status bar.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10959" + }, + { + "name": "VU#194238", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/194238" + }, + { + "name": "macosx-safari-unknown(14993)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14993" + }, + { + "name": "APPLE-SA-2004-02-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0350.json b/2004/0xxx/CVE-2004-0350.json index 0cdb16026c1..490000eadc4 100644 --- a/2004/0xxx/CVE-2004-0350.json +++ b/2004/0xxx/CVE-2004-0350.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040303 Spider Sales shopping cart software multiple security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107833097705486&w=2" - }, - { - "name" : "20040303 Spider Sales shopping cart software multiple security vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html" - }, - { - "name" : "http://www.s-quadra.com/advisories/Adv-20040303.txt", - "refsource" : "MISC", - "url" : "http://www.s-quadra.com/advisories/Adv-20040303.txt" - }, - { - "name" : "spidersales-weak-encryption(15370)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15370" - }, - { - "name" : "9799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040303 Spider Sales shopping cart software multiple security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107833097705486&w=2" + }, + { + "name": "20040303 Spider Sales shopping cart software multiple security vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018177.html" + }, + { + "name": "spidersales-weak-encryption(15370)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15370" + }, + { + "name": "9799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9799" + }, + { + "name": "http://www.s-quadra.com/advisories/Adv-20040303.txt", + "refsource": "MISC", + "url": "http://www.s-quadra.com/advisories/Adv-20040303.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2235.json b/2004/2xxx/CVE-2004-2235.json index 1b87b28bc5a..a55ce6a19c2 100644 --- a/2004/2xxx/CVE-2004-2235.json +++ b/2004/2xxx/CVE-2004-2235.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://moodle.org/doc/?file=releaseold.html", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/doc/?file=releaseold.html" - }, - { - "name" : "7711", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://moodle.org/doc/?file=releaseold.html", + "refsource": "CONFIRM", + "url": "http://moodle.org/doc/?file=releaseold.html" + }, + { + "name": "7711", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7711" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2500.json b/2004/2xxx/CVE-2004-2500.json index 1dc149a81cd..403c5cceec8 100644 --- a/2004/2xxx/CVE-2004-2500.json +++ b/2004/2xxx/CVE-2004-2500.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=54027&release_id=288409", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=54027&release_id=288409" - }, - { - "name" : "11872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11872" - }, - { - "name" : "12292", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12292" - }, - { - "name" : "13413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13413" - }, - { - "name" : "Ilohamail(18426)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11872" + }, + { + "name": "13413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13413" + }, + { + "name": "12292", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12292" + }, + { + "name": "Ilohamail(18426)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18426" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=54027&release_id=288409", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=54027&release_id=288409" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2651.json b/2004/2xxx/CVE-2004-2651.json index 07bca947f1c..25aa9182b07 100644 --- a/2004/2xxx/CVE-2004-2651.json +++ b/2004/2xxx/CVE-2004-2651.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041224 XSS in yacy 0.31", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-12/0413.html" - }, - { - "name" : "http://www.yacy.net/yacy/News.html", - "refsource" : "CONFIRM", - "url" : "http://www.yacy.net/yacy/News.html" - }, - { - "name" : "12104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12104" - }, - { - "name" : "12629", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12629" - }, - { - "name" : "12630", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12630" - }, - { - "name" : "1012686", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012686" - }, - { - "name" : "yacy-index-xss(18688)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18688" - }, - { - "name" : "yacy-wiki-xss(18690)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012686", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012686" + }, + { + "name": "12630", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12630" + }, + { + "name": "12629", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12629" + }, + { + "name": "20041224 XSS in yacy 0.31", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0413.html" + }, + { + "name": "yacy-index-xss(18688)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18688" + }, + { + "name": "http://www.yacy.net/yacy/News.html", + "refsource": "CONFIRM", + "url": "http://www.yacy.net/yacy/News.html" + }, + { + "name": "yacy-wiki-xss(18690)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18690" + }, + { + "name": "12104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12104" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2753.json b/2004/2xxx/CVE-2004-2753.json index d14a8da002c..5065016a11c 100644 --- a/2004/2xxx/CVE-2004-2753.json +++ b/2004/2xxx/CVE-2004-2753.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of \"files in a potentially insecure manner.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0401-307", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0401-307" - }, - { - "name" : "SSRT3476", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0401-307" - }, - { - "name" : "O-058", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-058.shtml" - }, - { - "name" : "9420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9420" - }, - { - "name" : "1008712", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008712" - }, - { - "name" : "10657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10657" - }, - { - "name" : "hp-sharedx-insecure-files(14838)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of \"files in a potentially insecure manner.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT3476", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0401-307" + }, + { + "name": "1008712", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008712" + }, + { + "name": "O-058", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-058.shtml" + }, + { + "name": "9420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9420" + }, + { + "name": "HPSBUX0401-307", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0401-307" + }, + { + "name": "10657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10657" + }, + { + "name": "hp-sharedx-insecure-files(14838)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14838" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2032.json b/2008/2xxx/CVE-2008-2032.json index 55aedf7b747..eee8eeffcf8 100644 --- a/2008/2xxx/CVE-2008-2032.json +++ b/2008/2xxx/CVE-2008-2032.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2032", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2032", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28973" - }, - { - "name" : "29967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29967" - }, - { - "name" : "femitterserver-ftp-dos(42075)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP service in Acritum Femitter Server 1.03 allows remote attackers to cause a denial of service (crash) by sending multiple crafted RETR commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "femitterserver-ftp-dos(42075)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42075" + }, + { + "name": "28973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28973" + }, + { + "name": "29967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29967" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2081.json b/2008/2xxx/CVE-2008-2081.json index 9bbb8cc7fb6..df4ef85e3c9 100644 --- a/2008/2xxx/CVE-2008-2081.json +++ b/2008/2xxx/CVE-2008-2081.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5499", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5499" - }, - { - "name" : "http://ircrash.com/english/index.php?topic=29.0", - "refsource" : "MISC", - "url" : "http://ircrash.com/english/index.php?topic=29.0" - }, - { - "name" : "28943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28943" - }, - { - "name" : "siteman-index-directory-travesal(42021)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42021" - }, - { - "name" : "siteman-admin-code-execution(42022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28943" + }, + { + "name": "siteman-admin-code-execution(42022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42022" + }, + { + "name": "5499", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5499" + }, + { + "name": "http://ircrash.com/english/index.php?topic=29.0", + "refsource": "MISC", + "url": "http://ircrash.com/english/index.php?topic=29.0" + }, + { + "name": "siteman-index-directory-travesal(42021)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42021" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2267.json b/2008/2xxx/CVE-2008-2267.json index 194a5fc473a..b617970420d 100644 --- a/2008/2xxx/CVE-2008-2267.json +++ b/2008/2xxx/CVE-2008-2267.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5600", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5600" - }, - { - "name" : "http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/", - "refsource" : "CONFIRM", - "url" : "http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/" - }, - { - "name" : "20080514 PHP File Upload Vulnerability with extra Extension", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2008-May/001978.html" - }, - { - "name" : "29170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29170" - }, - { - "name" : "30208", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30208" - }, - { - "name" : "cmsmadesimple-javaupload-file-upload(42371)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cmsmadesimple-javaupload-file-upload(42371)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42371" + }, + { + "name": "29170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29170" + }, + { + "name": "30208", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30208" + }, + { + "name": "5600", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5600" + }, + { + "name": "20080514 PHP File Upload Vulnerability with extra Extension", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2008-May/001978.html" + }, + { + "name": "http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/", + "refsource": "CONFIRM", + "url": "http://blog.cmsmadesimple.org/2008/05/12/announcing-cms-made-simple-125/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2354.json b/2008/2xxx/CVE-2008-2354.json index f6239b490ed..5d2f76f0c48 100644 --- a/2008/2xxx/CVE-2008-2354.json +++ b/2008/2xxx/CVE-2008-2354.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729" - }, - { - "name" : "29273", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29273" - }, - { - "name" : "30251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30251" - }, - { - "name" : "testmaker-dataexport-information-disclosure(42499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the data export function in testMaker before 3.0p10 allows test authors to obtain access to export data via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "testmaker-dataexport-information-disclosure(42499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42499" + }, + { + "name": "29273", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29273" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=194778&release_id=599729" + }, + { + "name": "30251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30251" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2543.json b/2008/2xxx/CVE-2008-2543.json index fa4a38ddbb1..493de6f2180 100644 --- a/2008/2xxx/CVE-2008-2543.json +++ b/2008/2xxx/CVE-2008-2543.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493122/100/0/threaded" - }, - { - "name" : "20080604 AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493144/100/0/threaded" - }, - { - "name" : "http://downloads.digium.com/pub/security/AST-2008-009.html", - "refsource" : "CONFIRM", - "url" : "http://downloads.digium.com/pub/security/AST-2008-009.html" - }, - { - "name" : "29567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29567" - }, - { - "name" : "ADV-2008-1747", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1747/references" - }, - { - "name" : "1020202", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020202" - }, - { - "name" : "30555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30555" - }, - { - "name" : "asterisk-addons-ooh323-dos(42869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and Asterisk-Addons 1.4.x before 1.4.7 creates a remotely accessible TCP port that is intended solely for localhost communication, and interprets some TCP application-data fields as addresses of memory to free, which allows remote attackers to cause a denial of service (daemon crash) via crafted TCP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.digium.com/pub/security/AST-2008-009.html", + "refsource": "CONFIRM", + "url": "http://downloads.digium.com/pub/security/AST-2008-009.html" + }, + { + "name": "29567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29567" + }, + { + "name": "1020202", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020202" + }, + { + "name": "ADV-2008-1747", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1747/references" + }, + { + "name": "asterisk-addons-ooh323-dos(42869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42869" + }, + { + "name": "30555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30555" + }, + { + "name": "20080604 AST-2008-009: (Corrected subject) Remote crash vulnerability in ooh323 channel driver", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493144/100/0/threaded" + }, + { + "name": "20080604 AST-2008-009: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493122/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2850.json b/2008/2xxx/CVE-2008-2850.json index fcebcdd80a3..9fa0f37111c 100644 --- a/2008/2xxx/CVE-2008-2850.json +++ b/2008/2xxx/CVE-2008-2850.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/272191", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/272191" - }, - { - "name" : "29807", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29807" - }, - { - "name" : "30764", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30764" - }, - { - "name" : "trailscout-cookies-sql-injection(43169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29807", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29807" + }, + { + "name": "trailscout-cookies-sql-injection(43169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43169" + }, + { + "name": "http://drupal.org/node/272191", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/272191" + }, + { + "name": "30764", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30764" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0436.json b/2012/0xxx/CVE-2012-0436.json index d30ae7edab7..4b377585c07 100644 --- a/2012/0xxx/CVE-2012-0436.json +++ b/2012/0xxx/CVE-2012-0436.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0436", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0436", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1069.json b/2012/1xxx/CVE-2012-1069.json index f03d2945342..1b211eebc52 100644 --- a/2012/1xxx/CVE-2012-1069.json +++ b/2012/1xxx/CVE-2012-1069.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1069", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1069", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt", - "refsource" : "MISC", - "url" : "http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt" - }, - { - "name" : "51803", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51803" - }, - { - "name" : "lknsupport-search-xss(72926)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lknsupport-search-xss(72926)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72926" + }, + { + "name": "51803", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51803" + }, + { + "name": "http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt", + "refsource": "MISC", + "url": "http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1426.json b/2012/1xxx/CVE-2012-1426.json index bef33d2957c..ce847e6bcbd 100644 --- a/2012/1xxx/CVE-2012-1426.json +++ b/2012/1xxx/CVE-2012-1426.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\42\\5A\\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "52585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52585" - }, - { - "name" : "80406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80406" - }, - { - "name" : "80407", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80407" - }, - { - "name" : "80409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80409" - }, - { - "name" : "multiple-av-tar-evasion-cve20121426(74241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\42\\5A\\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80406", + "refsource": "OSVDB", + "url": "http://osvdb.org/80406" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80409", + "refsource": "OSVDB", + "url": "http://osvdb.org/80409" + }, + { + "name": "52585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52585" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80407", + "refsource": "OSVDB", + "url": "http://osvdb.org/80407" + }, + { + "name": "multiple-av-tar-evasion-cve20121426(74241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74241" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1459.json b/2012/1xxx/CVE-2012-1459.json index 2b453c38411..814e5ae9a1e 100644 --- a/2012/1xxx/CVE-2012-1459.json +++ b/2012/1xxx/CVE-2012-1459.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - }, - { - "name" : "MDVSA-2012:094", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094" - }, - { - "name" : "openSUSE-SU-2012:0833", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html" - }, - { - "name" : "52623", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52623" - }, - { - "name" : "80389", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80389" - }, - { - "name" : "80390", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80390" - }, - { - "name" : "80391", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80391" - }, - { - "name" : "80392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80392" - }, - { - "name" : "80393", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80393" - }, - { - "name" : "80395", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80395" - }, - { - "name" : "80396", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80396" - }, - { - "name" : "80403", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80403" - }, - { - "name" : "80406", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80406" - }, - { - "name" : "80407", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80407" - }, - { - "name" : "80409", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80409" - }, - { - "name" : "multiple-av-tar-header-evasion(74302)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:0833", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html" + }, + { + "name": "80406", + "refsource": "OSVDB", + "url": "http://osvdb.org/80406" + }, + { + "name": "80393", + "refsource": "OSVDB", + "url": "http://osvdb.org/80393" + }, + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "80403", + "refsource": "OSVDB", + "url": "http://osvdb.org/80403" + }, + { + "name": "80389", + "refsource": "OSVDB", + "url": "http://osvdb.org/80389" + }, + { + "name": "80391", + "refsource": "OSVDB", + "url": "http://osvdb.org/80391" + }, + { + "name": "80409", + "refsource": "OSVDB", + "url": "http://osvdb.org/80409" + }, + { + "name": "80396", + "refsource": "OSVDB", + "url": "http://osvdb.org/80396" + }, + { + "name": "multiple-av-tar-header-evasion(74302)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302" + }, + { + "name": "80392", + "refsource": "OSVDB", + "url": "http://osvdb.org/80392" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + }, + { + "name": "80390", + "refsource": "OSVDB", + "url": "http://osvdb.org/80390" + }, + { + "name": "MDVSA-2012:094", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:094" + }, + { + "name": "80407", + "refsource": "OSVDB", + "url": "http://osvdb.org/80407" + }, + { + "name": "80395", + "refsource": "OSVDB", + "url": "http://osvdb.org/80395" + }, + { + "name": "52623", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52623" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1857.json b/2012/1xxx/CVE-2012-1857.json index be48e8611ac..32cc216befe 100644 --- a/2012/1xxx/CVE-2012-1857.json +++ b/2012/1xxx/CVE-2012-1857.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Dynamics AX Enterprise Portal XSS Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-040", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-040" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Dynamics AX Enterprise Portal XSS Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "MS12-040", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-040" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5095.json b/2012/5xxx/CVE-2012-5095.json index db69f0e837d..688a14b4c96 100644 --- a/2012/5xxx/CVE-2012-5095.json +++ b/2012/5xxx/CVE-2012-5095.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5267.json b/2012/5xxx/CVE-2012-5267.json index 47601b808e5..57b63bf9be1 100644 --- a/2012/5xxx/CVE-2012-5267.json +++ b/2012/5xxx/CVE-2012-5267.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86044", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86044" - }, - { - "name" : "adobe-cve20125267-code-exec(79088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "86044", + "refsource": "OSVDB", + "url": "http://osvdb.org/86044" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + }, + { + "name": "adobe-cve20125267-code-exec(79088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79088" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5289.json b/2012/5xxx/CVE-2012-5289.json index a8fff84ede6..2d71e5f0d11 100644 --- a/2012/5xxx/CVE-2012-5289.json +++ b/2012/5xxx/CVE-2012-5289.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/108295/ploggerphotogallery-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/108295/ploggerphotogallery-sql.txt" - }, - { - "name" : "51228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51228" - }, - { - "name" : "1027608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027608" - }, - { - "name" : "plogger-index-gallery-sql-injection(72079)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51228" + }, + { + "name": "plogger-index-gallery-sql-injection(72079)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72079" + }, + { + "name": "http://packetstormsecurity.org/files/view/108295/ploggerphotogallery-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/108295/ploggerphotogallery-sql.txt" + }, + { + "name": "1027608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027608" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5608.json b/2012/5xxx/CVE-2012-5608.json index 9055d9ef44d..9b54313ad41 100644 --- a/2012/5xxx/CVE-2012-5608.json +++ b/2012/5xxx/CVE-2012-5608.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121130 Re: CVE Request: owncloud", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/30/3" - }, - { - "name" : "http://owncloud.org/changelog/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/changelog/" - }, - { - "name" : "http://owncloud.org/security/advisories/oc-sa-2012-003/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/security/advisories/oc-sa-2012-003/" - }, - { - "name" : "https://github.com/owncloud/core/commit/054c168", - "refsource" : "CONFIRM", - "url" : "https://github.com/owncloud/core/commit/054c168" - }, - { - "name" : "51357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51357" + }, + { + "name": "[oss-security] 20121130 Re: CVE Request: owncloud", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/30/3" + }, + { + "name": "http://owncloud.org/changelog/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/changelog/" + }, + { + "name": "http://owncloud.org/security/advisories/oc-sa-2012-003/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/security/advisories/oc-sa-2012-003/" + }, + { + "name": "https://github.com/owncloud/core/commit/054c168", + "refsource": "CONFIRM", + "url": "https://github.com/owncloud/core/commit/054c168" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5984.json b/2012/5xxx/CVE-2012-5984.json index b43ef6b1e86..9b37d031ded 100644 --- a/2012/5xxx/CVE-2012-5984.json +++ b/2012/5xxx/CVE-2012-5984.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5984", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5984", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11187.json b/2017/11xxx/CVE-2017-11187.json index 582166bde13..a53c611ec38 100644 --- a/2017/11xxx/CVE-2017-11187.json +++ b/2017/11xxx/CVE-2017-11187.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11187", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11187", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phpmyfaq.de/security/advisory-2017-07-12", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/security/advisory-2017-07-12" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks that try many passwords in attempted logins quickly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyfaq.de/security/advisory-2017-07-12", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/security/advisory-2017-07-12" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11335.json b/2017/11xxx/CVE-2017-11335.json index 5806ac37c56..db0910551cf 100644 --- a/2017/11xxx/CVE-2017-11335.json +++ b/2017/11xxx/CVE-2017-11335.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2715", - "refsource" : "MISC", - "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2715" - }, - { - "name" : "DSA-4100", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4100" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4.0.8 via a PlanarConfig=Contig image, which causes a more than one hundred bytes out-of-bounds write (related to the ZIPDecode function in tif_zip.c). A crafted input may lead to a remote denial of service attack or an arbitrary code execution attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "DSA-4100", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4100" + }, + { + "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2715", + "refsource": "MISC", + "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2715" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11366.json b/2017/11xxx/CVE-2017-11366.json index 2c3a7bd64d9..661c2d7b121 100644 --- a/2017/11xxx/CVE-2017-11366.json +++ b/2017/11xxx/CVE-2017-11366.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.jianshu.com/p/41ac7ac2a7af", - "refsource" : "MISC", - "url" : "http://www.jianshu.com/p/41ac7ac2a7af" - }, - { - "name" : "https://github.com/Codiad/Codiad/issues/1011", - "refsource" : "MISC", - "url" : "https://github.com/Codiad/Codiad/issues/1011" - }, - { - "name" : "https://github.com/Codiad/Codiad/pull/1013", - "refsource" : "MISC", - "url" : "https://github.com/Codiad/Codiad/pull/1013" - }, - { - "name" : "https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1", - "refsource" : "MISC", - "url" : "https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1", + "refsource": "MISC", + "url": "https://github.com/Codiad/Codiad/pull/1013/commits/b3645b4c6718cef6de7003f41aafe7bfcc0395d1" + }, + { + "name": "http://www.jianshu.com/p/41ac7ac2a7af", + "refsource": "MISC", + "url": "http://www.jianshu.com/p/41ac7ac2a7af" + }, + { + "name": "https://github.com/Codiad/Codiad/issues/1011", + "refsource": "MISC", + "url": "https://github.com/Codiad/Codiad/issues/1011" + }, + { + "name": "https://github.com/Codiad/Codiad/pull/1013", + "refsource": "MISC", + "url": "https://github.com/Codiad/Codiad/pull/1013" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11683.json b/2017/11xxx/CVE-2017-11683.json index a0735bc87e2..27f419e16a8 100644 --- a/2017/11xxx/CVE-2017-11683.json +++ b/2017/11xxx/CVE-2017-11683.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1475124", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1475124" - }, - { - "name" : "USN-3852-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3852-1/" - }, - { - "name" : "100030", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100030", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100030" + }, + { + "name": "USN-3852-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1475124", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1475124" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3106.json b/2017/3xxx/CVE-2017-3106.json index a4225e10b48..7566e4a292d 100644 --- a/2017/3xxx/CVE-2017-3106.json +++ b/2017/3xxx/CVE-2017-3106.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Flash Player", - "version" : { - "version_data" : [ - { - "version_value" : "26.0.0.137 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Flash Player", + "version": { + "version_data": [ + { + "version_value": "26.0.0.137 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42480", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42480/" - }, - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html" - }, - { - "name" : "GLSA-201709-16", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-16" - }, - { - "name" : "RHSA-2017:2457", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2457" - }, - { - "name" : "100190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100190" - }, - { - "name" : "1039088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42480", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42480/" + }, + { + "name": "1039088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039088" + }, + { + "name": "100190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100190" + }, + { + "name": "GLSA-201709-16", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-16" + }, + { + "name": "RHSA-2017:2457", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2457" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-23.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3149.json b/2017/3xxx/CVE-2017-3149.json index c744f382701..122aac644e0 100644 --- a/2017/3xxx/CVE-2017-3149.json +++ b/2017/3xxx/CVE-2017-3149.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3149", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3149", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3390.json b/2017/3xxx/CVE-2017-3390.json index 16e0d5f56ad..fa750809516 100644 --- a/2017/3xxx/CVE-2017-3390.json +++ b/2017/3xxx/CVE-2017-3390.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3390", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3390", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3474.json b/2017/3xxx/CVE-2017-3474.json index 5494f1f7688..b654c95067b 100644 --- a/2017/3xxx/CVE-2017-3474.json +++ b/2017/3xxx/CVE-2017-3474.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Solaris Operating System", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97834" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zone). The supported version that is affected is 11.3. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + }, + { + "name": "97834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97834" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3986.json b/2017/3xxx/CVE-2017-3986.json index a88059d4d62..b5550c94f35 100644 --- a/2017/3xxx/CVE-2017-3986.json +++ b/2017/3xxx/CVE-2017-3986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3986", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3986", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7946.json b/2017/7xxx/CVE-2017-7946.json index de06074d531..733424d1d10 100644 --- a/2017/7xxx/CVE-2017-7946.json +++ b/2017/7xxx/CVE-2017-7946.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92" - }, - { - "name" : "https://github.com/radare/radare2/issues/7301", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/7301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/7301", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/7301" + }, + { + "name": "https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8122.json b/2017/8xxx/CVE-2017-8122.json index e96d884c75b..e3fc6a04c60 100644 --- a/2017/8xxx/CVE-2017-8122.json +++ b/2017/8xxx/CVE-2017-8122.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UMA", - "version" : { - "version_data" : [ - { - "version_value" : "V200R001" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "privilege elevation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UMA", + "version": { + "version_data": [ + { + "version_value": "V200R001" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" - }, - { - "name" : "101961", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" + }, + { + "name": "101961", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101961" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8474.json b/2017/8xxx/CVE-2017-8474.json index 71066977832..f54c9f82eef 100644 --- a/2017/8xxx/CVE-2017-8474.json +++ b/2017/8xxx/CVE-2017-8474.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474" - }, - { - "name" : "98902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8474" + }, + { + "name": "98902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98902" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8671.json b/2017/8xxx/CVE-2017-8671.json index e30e147cc11..d3b08142535 100644 --- a/2017/8xxx/CVE-2017-8671.json +++ b/2017/8xxx/CVE-2017-8671.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42475", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42475/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671" - }, - { - "name" : "100071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100071" - }, - { - "name" : "1039095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42475", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42475/" + }, + { + "name": "100071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100071" + }, + { + "name": "1039095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039095" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8671" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8741.json b/2017/8xxx/CVE-2017-8741.json index a24c787f1d9..ad65f93ac3d 100644 --- a/2017/8xxx/CVE-2017-8741.json +++ b/2017/8xxx/CVE-2017-8741.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Internet Explorer, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741" - }, - { - "name" : "100764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100764" - }, - { - "name" : "1039342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039342" - }, - { - "name" : "1039343", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039343" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100764" + }, + { + "name": "1039342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039342" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8741" + }, + { + "name": "1039343", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039343" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10122.json b/2018/10xxx/CVE-2018-10122.json index 3cbc6549b9d..3551fa121db 100644 --- a/2018/10xxx/CVE-2018-10122.json +++ b/2018/10xxx/CVE-2018-10122.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/goodrain-apps/chanzhieps/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/goodrain-apps/chanzhieps/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka chanzhieps) pro1.6 allows remote attackers to read arbitrary files via directory traversal sequences in the pathname parameter to www/file.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/goodrain-apps/chanzhieps/issues/1", + "refsource": "MISC", + "url": "https://github.com/goodrain-apps/chanzhieps/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10686.json b/2018/10xxx/CVE-2018-10686.json index 49a0719870a..ca9f6a6bab1 100644 --- a/2018/10xxx/CVE-2018-10686.json +++ b/2018/10xxx/CVE-2018-10686.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/serghey-rodin/vesta/issues/1558", - "refsource" : "MISC", - "url" : "https://github.com/serghey-rodin/vesta/issues/1558" - }, - { - "name" : "https://medium.com/@ndrbasi/cve-2018-10686-vestacp-rce-d96d95c2bde2", - "refsource" : "MISC", - "url" : "https://medium.com/@ndrbasi/cve-2018-10686-vestacp-rce-d96d95c2bde2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@ndrbasi/cve-2018-10686-vestacp-rce-d96d95c2bde2", + "refsource": "MISC", + "url": "https://medium.com/@ndrbasi/cve-2018-10686-vestacp-rce-d96d95c2bde2" + }, + { + "name": "https://github.com/serghey-rodin/vesta/issues/1558", + "refsource": "MISC", + "url": "https://github.com/serghey-rodin/vesta/issues/1558" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10740.json b/2018/10xxx/CVE-2018-10740.json index 5672706b667..aaf13ad098d 100644 --- a/2018/10xxx/CVE-2018-10740.json +++ b/2018/10xxx/CVE-2018-10740.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axublog/axublog/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/axublog/axublog/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axublog/axublog/issues/1", + "refsource": "MISC", + "url": "https://github.com/axublog/axublog/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10814.json b/2018/10xxx/CVE-2018-10814.json index 8e9d1307295..142ee2724a8 100644 --- a/2018/10xxx/CVE-2018-10814.json +++ b/2018/10xxx/CVE-2018-10814.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10814", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10814", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45387", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45387/" - }, - { - "name" : "http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Synametrics SynaMan 4.0 build 1488 uses cleartext password storage for SMTP credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149326/SynaMan-40-Build-1488-SMTP-Credential-Disclosure.html" + }, + { + "name": "45387", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45387/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10953.json b/2018/10xxx/CVE-2018-10953.json index 166887427b1..38f6885759f 100644 --- a/2018/10xxx/CVE-2018-10953.json +++ b/2018/10xxx/CVE-2018-10953.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x0022204C", - "refsource" : "MISC", - "url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x0022204C" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x0022204C." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x0022204C", + "refsource": "MISC", + "url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345BdPcSafe.sys-x64-0x0022204C" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12742.json b/2018/12xxx/CVE-2018-12742.json index 8cc82900eea..5b4c71e54d4 100644 --- a/2018/12xxx/CVE-2018-12742.json +++ b/2018/12xxx/CVE-2018-12742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13456.json b/2018/13xxx/CVE-2018-13456.json index 92329d06eea..fed4ccb08e1 100644 --- a/2018/13xxx/CVE-2018-13456.json +++ b/2018/13xxx/CVE-2018-13456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13508.json b/2018/13xxx/CVE-2018-13508.json index 15090d72c62..7df25c130f0 100644 --- a/2018/13xxx/CVE-2018-13508.json +++ b/2018/13xxx/CVE-2018-13508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/VITToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/VITToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for VITToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/VITToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/VITToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13939.json b/2018/13xxx/CVE-2018-13939.json index 1d8c541ed21..a49ec674548 100644 --- a/2018/13xxx/CVE-2018-13939.json +++ b/2018/13xxx/CVE-2018-13939.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13939", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13939", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17234.json b/2018/17xxx/CVE-2018-17234.json index c4281e72ea8..cf54075779f 100644 --- a/2018/17xxx/CVE-2018-17234.json +++ b/2018/17xxx/CVE-2018-17234.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17385.json b/2018/17xxx/CVE-2018-17385.json index 8b512ccd550..e308f62c188 100644 --- a/2018/17xxx/CVE-2018-17385.json +++ b/2018/17xxx/CVE-2018-17385.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45470", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45470/" - }, - { - "name" : "http://packetstormsecurity.com/files/149525/Joomla-Social-Factory-3.8.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149525/Joomla-Social-Factory-3.8.3-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149525/Joomla-Social-Factory-3.8.3-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149525/Joomla-Social-Factory-3.8.3-SQL-Injection.html" + }, + { + "name": "45470", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45470/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17499.json b/2018/17xxx/CVE-2018-17499.json index 92a64232508..08a97066d3e 100644 --- a/2018/17xxx/CVE-2018-17499.json +++ b/2018/17xxx/CVE-2018-17499.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17499", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17499", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17502.json b/2018/17xxx/CVE-2018-17502.json index 998b10f89d8..fb229626693 100644 --- a/2018/17xxx/CVE-2018-17502.json +++ b/2018/17xxx/CVE-2018-17502.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17502", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17502", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9104.json b/2018/9xxx/CVE-2018-9104.json index 8bf7d03500d..0218f85e4ca 100644 --- a/2018/9xxx/CVE-2018-9104.json +++ b/2018/9xxx/CVE-2018-9104.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mitel.com/mitel-product-security-advisory-18-0003", - "refsource" : "CONFIRM", - "url" : "https://www.mitel.com/mitel-product-security-advisory-18-0003" - }, - { - "name" : "https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the api.php page. A successful exploit could allow an attacker to execute arbitrary scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mitel.com/mitel-product-security-advisory-18-0003", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/mitel-product-security-advisory-18-0003" + }, + { + "name": "https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf", + "refsource": "CONFIRM", + "url": "https://www.mitel.com/sites/default/files/2018-Security-Bulletin-18-0003-001.pdf" + } + ] + } +} \ No newline at end of file