From 7f7ca8606e634d230d66f0f6edfb147d64da7bd5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 18 Mar 2019 01:32:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2004/0xxx/CVE-2004-0178.json | 310 ++++++++--------
2004/0xxx/CVE-2004-0598.json | 380 +++++++++----------
2004/1xxx/CVE-2004-1788.json | 120 +++---
2004/1xxx/CVE-2004-1901.json | 150 ++++----
2004/2xxx/CVE-2004-2031.json | 160 ++++----
2004/2xxx/CVE-2004-2663.json | 190 +++++-----
2008/2xxx/CVE-2008-2140.json | 130 +++----
2008/2xxx/CVE-2008-2363.json | 220 +++++------
2008/2xxx/CVE-2008-2806.json | 330 ++++++++---------
2008/2xxx/CVE-2008-2807.json | 660 ++++++++++++++++-----------------
2008/2xxx/CVE-2008-2887.json | 150 ++++----
2008/3xxx/CVE-2008-3304.json | 130 +++----
2008/3xxx/CVE-2008-3869.json | 230 ++++++------
2008/3xxx/CVE-2008-3976.json | 160 ++++----
2008/6xxx/CVE-2008-6000.json | 160 ++++----
2008/6xxx/CVE-2008-6367.json | 130 +++----
2008/6xxx/CVE-2008-6802.json | 130 +++----
2008/7xxx/CVE-2008-7074.json | 170 ++++-----
2008/7xxx/CVE-2008-7118.json | 140 +++----
2012/5xxx/CVE-2012-5433.json | 34 +-
2012/5xxx/CVE-2012-5900.json | 180 ++++-----
2017/11xxx/CVE-2017-11059.json | 132 +++----
2017/11xxx/CVE-2017-11078.json | 130 +++----
2017/11xxx/CVE-2017-11149.json | 122 +++---
2017/11xxx/CVE-2017-11175.json | 120 +++---
2017/11xxx/CVE-2017-11531.json | 130 +++----
2017/11xxx/CVE-2017-11603.json | 34 +-
2017/14xxx/CVE-2017-14409.json | 120 +++---
2017/14xxx/CVE-2017-14527.json | 130 +++----
2017/14xxx/CVE-2017-14754.json | 130 +++----
2017/14xxx/CVE-2017-14821.json | 130 +++----
2017/14xxx/CVE-2017-14958.json | 120 +++---
2017/15xxx/CVE-2017-15363.json | 130 +++----
2017/15xxx/CVE-2017-15526.json | 132 +++----
2017/15xxx/CVE-2017-15537.json | 150 ++++----
2017/15xxx/CVE-2017-15888.json | 122 +++---
2017/15xxx/CVE-2017-15978.json | 120 +++---
2017/8xxx/CVE-2017-8627.json | 142 +++----
2017/8xxx/CVE-2017-8701.json | 34 +-
2017/8xxx/CVE-2017-8761.json | 34 +-
2017/8xxx/CVE-2017-8802.json | 150 ++++----
2017/8xxx/CVE-2017-8899.json | 140 +++----
2017/8xxx/CVE-2017-8904.json | 160 ++++----
2018/12xxx/CVE-2018-12096.json | 120 +++---
2018/12xxx/CVE-2018-12137.json | 34 +-
2018/12xxx/CVE-2018-12375.json | 162 ++++----
2018/13xxx/CVE-2018-13340.json | 120 +++---
2018/13xxx/CVE-2018-13549.json | 130 +++----
2018/13xxx/CVE-2018-13741.json | 130 +++----
2018/13xxx/CVE-2018-13786.json | 34 +-
2018/16xxx/CVE-2018-16204.json | 130 +++----
2018/16xxx/CVE-2018-16792.json | 120 +++---
2018/16xxx/CVE-2018-16812.json | 34 +-
2018/17xxx/CVE-2018-17513.json | 34 +-
2018/4xxx/CVE-2018-4360.json | 34 +-
2018/4xxx/CVE-2018-4466.json | 34 +-
2018/4xxx/CVE-2018-4577.json | 34 +-
2018/4xxx/CVE-2018-4898.json | 140 +++----
2018/4xxx/CVE-2018-4964.json | 140 +++----
59 files changed, 4153 insertions(+), 4153 deletions(-)
diff --git a/2004/0xxx/CVE-2004-0178.json b/2004/0xxx/CVE-2004-0178.json
index 69867b861d6..28ff48413ff 100644
--- a/2004/0xxx/CVE-2004-0178.json
+++ b/2004/0xxx/CVE-2004-0178.json
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:846", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" - }, - { - "name" : "DSA-479", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-479" - }, - { - "name" : "DSA-480", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-480" - }, - { - "name" : "DSA-481", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-481" - }, - { - "name" : "DSA-482", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-482" - }, - { - "name" : "DSA-489", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2004/dsa-489" - }, - { - "name" : "DSA-491", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-491" - }, - { - "name" : "DSA-495", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-495" - }, - { - "name" : "GLSA-200407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" - }, - { - "name" : "MDKSA-2004:029", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" - }, - { - "name" : "RHSA-2004:413", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-413.html" - }, - { - "name" : "RHSA-2004:437", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-437.html" - }, - { - "name" : "20040804-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc" - }, - { - "name" : "http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA", - "refsource" : "MISC", - "url" : "http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA" - }, - { - "name" : "O-121", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-121.shtml" - }, - { - "name" : "O-127", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-127.shtml" - }, - { - "name" : "O-193", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-193.shtml" - }, - { - "name" : "9985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9985" - }, - { - "name" : "oval:org.mitre.oval:def:9427", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427" - }, - { - "name" : "linux-sound-blaster-dos(15868)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15868" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:413", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-413.html" + }, + { + "name": "O-127", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml" + }, + { + "name": "http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA", + "refsource": "MISC", + "url": "http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA" + }, + { + "name": "oval:org.mitre.oval:def:9427", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9427" + }, + { + "name": "DSA-482", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-482" + }, + { + "name": "RHSA-2004:437", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-437.html" + }, + { + "name": "DSA-495", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-495" + }, + { + "name": "DSA-479", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-479" + }, + { + "name": "DSA-480", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-480" + }, + { + "name": "CLA-2004:846", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" + }, + { + "name": "DSA-489", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-489" + }, + { + "name": 
"DSA-481", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-481" + }, + { + "name": "9985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9985" + }, + { + "name": "O-121", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml" + }, + { + "name": "linux-sound-blaster-dos(15868)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15868" + }, + { + "name": "O-193", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-193.shtml" + }, + { + "name": "20040804-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040804-01-U.asc" + }, + { + "name": "MDKSA-2004:029", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" + }, + { + "name": "GLSA-200407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml" + }, + { + "name": "DSA-491", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-491" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0598.json b/2004/0xxx/CVE-2004-0598.json index 5ff224e2708..42cde60b1ad 100644 --- a/2004/0xxx/CVE-2004-0598.json +++ b/2004/0xxx/CVE-2004-0598.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2004-001.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2004-001.txt" - }, - { - "name" : "APPLE-SA-2004-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00056.html" - }, - { - "name" : "CLA-2004:856", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856" - }, - { - "name" : "DSA-536", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-536" - }, - { - "name" : "FLSA:1943", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1943" - }, - { - "name" : "GLSA-200408-03", - "refsource" : "GENTOO", - "url" : 
"http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml" - }, - { - "name" : "GLSA-200408-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml" - }, - { - "name" : "SSRT4778", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109181639602978&w=2" - }, - { - "name" : "MDKSA-2004:079", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079" - }, - { - "name" : "MDKSA-2006:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" - }, - { - "name" : "MDKSA-2006:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" - }, - { - "name" : "RHSA-2004:402", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-402.html" - }, - { - "name" : "RHSA-2004:429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-429.html" - }, - { - "name" : "SCOSA-2004.16", - "refsource" : "SCO", - "url" : "http://marc.info/?l=bugtraq&m=109761239318458&w=2" - }, - { - "name" : "200663", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1" - }, - { - "name" : "SUSE-SA:2004:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_23_libpng.html" - }, - { - "name" : "2004-0040", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0040/" - }, - { - "name" : "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109163866717909&w=2" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html" - }, - { - "name" : "TA04-217A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA04-217A.html" - }, - { - "name" : "VU#236656", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/236656" - }, - { - "name" : "10857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10857" - }, - { - "name" : "oval:org.mitre.oval:def:2572", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572" - }, - { - "name" : "oval:org.mitre.oval:def:10203", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203" - }, - { - "name" : "22957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22957" - }, - { - "name" : "22958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22958" - }, - { - "name" : "libpng-pnghandleiccp-dos(16895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote attackers to cause a denial of service (application crash) via a certain PNG image that triggers a null dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0040", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0040/" + }, + { + "name": "200663", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html" + }, + { + "name": "RHSA-2004:402", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html" + }, + { + "name": "oval:org.mitre.oval:def:10203", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10203" + }, + { + "name": "GLSA-200408-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml" + }, + { + "name": "22958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22958" + }, + { + "name": "FLSA:1943", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943" + }, + { + "name": "SCOSA-2004.16", + "refsource": "SCO", + "url": "http://marc.info/?l=bugtraq&m=109761239318458&w=2" + }, + { + "name": "http://scary.beasts.org/security/CESA-2004-001.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2004-001.txt" + }, + { + "name": "RHSA-2004:429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html" + }, + { + "name": "DSA-536", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-536" + }, + { + "name": "APPLE-SA-2004-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" + }, + { + "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory 
(png)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109163866717909&w=2" + }, + { + "name": "SSRT4778", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109181639602978&w=2" + }, + { + "name": "MDKSA-2006:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" + }, + { + "name": "TA04-217A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html" + }, + { + "name": "MDKSA-2006:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" + }, + { + "name": "libpng-pnghandleiccp-dos(16895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16895" + }, + { + "name": "VU#236656", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/236656" + }, + { + "name": "CLA-2004:856", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856" + }, + { + "name": "10857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10857" + }, + { + "name": "oval:org.mitre.oval:def:2572", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2572" + }, + { + "name": "SUSE-SA:2004:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html" + }, + { + "name": "GLSA-200408-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml" + }, + { + "name": "MDKSA-2004:079", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079" + }, + { + "name": "22957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22957" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1788.json b/2004/1xxx/CVE-2004-1788.json index b2543b56468..b09ea9f6412 100644 --- a/2004/1xxx/CVE-2004-1788.json 
+++ b/2004/1xxx/CVE-2004-1788.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9355" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1901.json b/2004/1xxx/CVE-2004-1901.json index 1e44728e870..811ba72f132 100644 --- a/2004/1xxx/CVE-2004-1901.json +++ b/2004/1xxx/CVE-2004-1901.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200404-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-01.xml" - }, - { - "name" : "10060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10060" - }, - { - "name" : "11305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11305" - }, - { - "name" : "portage-lockfile-hardlink(15754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10060" + }, + { + "name": "GLSA-200404-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-01.xml" + }, + { + "name": "11305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11305" + }, + { + "name": "portage-lockfile-hardlink(15754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15754" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2031.json b/2004/2xxx/CVE-2004-2031.json index cfb20d2d192..056a0702b1e 100644 --- a/2004/2xxx/CVE-2004-2031.json +++ b/2004/2xxx/CVE-2004-2031.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040522 e107 web portal user.php XSS (Cross Site Scripting)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108541119526279&w=2" - }, - { - "name" : "10405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10405" - }, - { - "name" : "6410", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6410" - }, - { - "name" : "11696", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11696" - }, - { - "name" : "e107-user-xss(16241)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10405" + }, + { + "name": "11696", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11696" + }, + { + "name": "6410", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6410" + }, + { + "name": "e107-user-xss(16241)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16241" + }, + { + "name": "20040522 e107 web portal user.php XSS (Cross Site Scripting)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108541119526279&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2663.json b/2004/2xxx/CVE-2004-2663.json index 4ee2dd394d7..b2fa023ffbe 100644 --- a/2004/2xxx/CVE-2004-2663.json +++ b/2004/2xxx/CVE-2004-2663.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "AD20040615B", - "refsource" : "EEYE", - "url" : "http://research.eeye.com/html/advisories/published/AD20040615B.html" - }, - { - "name" : "20040616 \"IBM Access Support\" (eGatherer) Activex Dangerous Methods Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108746693619324&w=2" - }, - { - "name" : "20040616 \"IBM Access Support\" (eGatherer) Activex Dangerous Methods Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=108741557604568&w=2" - }, - { - "name" : "http://www.eeye.com/html/research/advisories/AD20040615B.html", - "refsource" : "MISC", - "url" : 
"http://www.eeye.com/html/research/advisories/AD20040615B.html" - }, - { - "name" : "10562", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10562" - }, - { - "name" : "7090", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7090" - }, - { - "name" : "11072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11072" - }, - { - "name" : "ibm-egatherer-execute-code(16428)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-egatherer-execute-code(16428)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16428" + }, + { + "name": "http://www.eeye.com/html/research/advisories/AD20040615B.html", + "refsource": "MISC", + "url": "http://www.eeye.com/html/research/advisories/AD20040615B.html" + }, + { + "name": "20040616 \"IBM Access Support\" (eGatherer) Activex Dangerous Methods Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108746693619324&w=2" + }, + { + "name": "11072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11072" + }, + { + "name": "20040616 \"IBM Access Support\" (eGatherer) Activex Dangerous Methods Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=108741557604568&w=2" + }, + { + "name": "7090", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/7090" + }, + { + "name": "AD20040615B", + "refsource": "EEYE", + "url": "http://research.eeye.com/html/advisories/published/AD20040615B.html" + }, + { + "name": "10562", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10562" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2140.json b/2008/2xxx/CVE-2008-2140.json index f61b0761d19..7e34b76c2d9 100644 --- a/2008/2xxx/CVE-2008-2140.json +++ b/2008/2xxx/CVE-2008-2140.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148" - }, - { - "name" : "rootpw-rpath-appliance-csrf(42393)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0148" + }, + { + "name": "rootpw-rpath-appliance-csrf(42393)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42393" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2363.json b/2008/2xxx/CVE-2008-2363.json index a6575aeff65..3c40950f301 100644 --- a/2008/2xxx/CVE-2008-2363.json +++ b/2008/2xxx/CVE-2008-2363.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080529 CVE-2008-2363: pan - heap overflow", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=oss-security&m=121207185600564&w=2" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=224051", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=224051" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=535413", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=535413" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=446902", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=446902" - }, - { - "name" : "GLSA-200807-15", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-15.xml" - }, - { - "name" : "MDVSA-2008:201", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201" - }, - { - "name" : "SUSE-SR:2008:013", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2008_13_sr.html" - }, - { - "name" : "29421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29421" - }, - { - "name" : "30717", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30717" - }, - { - "name" : "31315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31315" - }, - { - "name" : "pan-nzb-bo(42750)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29421" + }, + { + "name": "GLSA-200807-15", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-15.xml" + }, + { + "name": "MDVSA-2008:201", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=446902", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902" + }, + { + "name": "31315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31315" + }, + { + "name": "pan-nzb-bo(42750)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=224051", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=224051" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=535413", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413" + }, + { + "name": "[oss-security] 20080529 CVE-2008-2363: pan - heap overflow", + "refsource": "MLIST", + "url": "http://marc.info/?l=oss-security&m=121207185600564&w=2" + }, + { + "name": "SUSE-SR:2008:013", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html" + }, + { + "name": "30717", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30717" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2806.json b/2008/2xxx/CVE-2008-2806.json index e7215926695..cd2938a223b 100644 --- a/2008/2xxx/CVE-2008-2806.json +++ b/2008/2xxx/CVE-2008-2806.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0216-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-28.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-28.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408329", - "refsource" : "CONFIRM", - 
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=408329" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2646", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2646" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" - }, - { - "name" : "FEDORA-2008-6193", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" - }, - { - "name" : "FEDORA-2008-6196", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" - }, - { - "name" : "SSA:2008-191-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" - }, - { - "name" : "SUSE-SA:2008:034", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" - }, - { - "name" : "USN-619-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-619-1" - }, - { - "name" : "30038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30038" - }, - { - "name" : "31076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31076" - }, - { - "name" : "ADV-2008-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1993/references" - }, - { - "name" : "1020419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020419" - }, - { - "name" : "30911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30911" - }, - { - "name" : "30898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30898" - }, - { - "name" : "31005", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/31005" - }, - { - "name" : "31008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31008" - }, - { - "name" : "31023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31023" - }, - { - "name" : "31021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31021" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:034", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" + }, + { + "name": "31021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31021" + }, + { + "name": "30898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30898" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2646", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2646" + }, + { + "name": "SSA:2008-191-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=408329", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=408329" + }, + { + "name": "31008", + 
"refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31008" + }, + { + "name": "ADV-2008-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1993/references" + }, + { + "name": "31023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31023" + }, + { + "name": "30038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30038" + }, + { + "name": "31005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31005" + }, + { + "name": "1020419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020419" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" + }, + { + "name": "FEDORA-2008-6193", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-28.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-28.html" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" + }, + { + "name": "31076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31076" + }, + { + "name": "USN-619-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-619-1" + }, + { + "name": "30911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30911" + }, + { + "name": "20080708 rPSA-2008-0216-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" + }, + { + "name": "FEDORA-2008-6196", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" + } + ] + } +} \ No newline at 
end of file diff --git a/2008/2xxx/CVE-2008-2807.json b/2008/2xxx/CVE-2008-2807.json index abcf5236f74..1914a2c410a 100644 --- a/2008/2xxx/CVE-2008-2807.json +++ b/2008/2xxx/CVE-2008-2807.json 
@@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0216-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=397093", - 
"refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=397093" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2646", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2646" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" - }, - { - "name" : "DSA-1607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1607" - }, - { - "name" : "DSA-1615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1615" - }, - { - "name" : "DSA-1621", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1621" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "FEDORA-2008-6127", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" - }, - { - "name" : "FEDORA-2008-6193", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" - }, - { - "name" : "FEDORA-2008-6196", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" - }, - { - "name" : "FEDORA-2008-6706", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" - }, - { - "name" : "FEDORA-2008-6737", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" - }, - { - "name" : "GLSA-200808-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" - }, - { - "name" : "MDVSA-2008:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" - }, - { - "name" : "MDVSA-2008:155", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" - }, - { - "name" : "RHSA-2008:0547", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" - }, - { - "name" : "RHSA-2008:0549", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" - }, - { - "name" : "RHSA-2008:0569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" - }, - { - "name" : "RHSA-2008:0616", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" - }, - { - "name" : "SSA:2008-191-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" - }, - { - "name" : "SSA:2008-210-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" - }, - { - "name" : "256408", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" - }, - { - "name" : "SUSE-SA:2008:034", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" - }, - { - "name" : "USN-619-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-619-1" - }, - { - "name" : "USN-629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-629-1" - }, - { - "name" : "30038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30038" - }, - { - "name" : "oval:org.mitre.oval:def:9432", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9432" - }, - { - "name" : "34501", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/34501" - }, - { - "name" : "31076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31076" - }, - { - "name" : "ADV-2008-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1993/references" - }, - { - "name" : "1020419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020419" - }, - { - "name" : "30911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30911" - }, - { - "name" : "30878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30878" - }, - { - "name" : "30898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30898" - }, - { - "name" : "30903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30903" - }, - { - "name" : "30949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30949" - }, - { - "name" : "31005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31005" - }, - { - "name" : "31008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31008" - }, - { - "name" : "31069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31069" - }, - { - "name" : "31023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31023" - }, - { - "name" : "31183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31183" - }, - { - "name" : "31195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31195" - }, - { - "name" : "31220", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31220" - }, - { - "name" : "31253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31253" - }, - { - "name" : "31377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31377" - }, - { - "name" : "31286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31286" - }, - { - "name" : "31403", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/31403" - }, - { - "name" : "31021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31021" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - }, - { - "name" : "ADV-2009-0977", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0977" - }, - { - "name" : "firefox-propertiesfile-info-disclosure(50656)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50656" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:034", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" + }, + { + "name": "RHSA-2008:0549", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "31021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31021" + }, + { + "name": "firefox-propertiesfile-info-disclosure(50656)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50656" + }, + { + "name": "30898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30898" + }, + { + "name": "31403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31403" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" + }, + { + "name": "oval:org.mitre.oval:def:9432", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9432" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2646", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2646" + }, + { + "name": "30949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30949" + }, + { + "name": "SSA:2008-191-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" + }, + { + "name": "ADV-2009-0977", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0977" + }, + { + "name": "31069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31069" + }, 
+ { + "name": "31008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31008" + }, + { + "name": "31377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31377" + }, + { + "name": "RHSA-2008:0616", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" + }, + { + "name": "ADV-2008-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1993/references" + }, + { + "name": "31023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31023" + }, + { + "name": "MDVSA-2008:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" + }, + { + "name": "30038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30038" + }, + { + "name": "DSA-1607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1607" + }, + { + "name": "GLSA-200808-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" + }, + { + "name": "31005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31005" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "FEDORA-2008-6127", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" + }, + { + "name": "1020419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020419" + }, + { + "name": "31253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31253" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" + }, + { + "name": "FEDORA-2008-6737", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" + }, + { + "name": 
"31183", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31183" + }, + { + "name": "30903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30903" + }, + { + "name": "RHSA-2008:0547", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" + }, + { + "name": "FEDORA-2008-6193", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=397093", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=397093" + }, + { + "name": "USN-629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-629-1" + }, + { + "name": "256408", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" + }, + { + "name": "SSA:2008-210-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" + }, + { + "name": "DSA-1615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1615" + }, + { + "name": "FEDORA-2008-6706", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" + }, + { + "name": "31220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31220" + }, + { + "name": "31195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31195" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-29.html" + }, + { + "name": "31076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31076" + }, + { + "name": 
"USN-619-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-619-1" + }, + { + "name": "30911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30911" + }, + { + "name": "RHSA-2008:0569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" + }, + { + "name": "30878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30878" + }, + { + "name": "DSA-1621", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1621" + }, + { + "name": "20080708 rPSA-2008-0216-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" + }, + { + "name": "31286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31286" + }, + { + "name": "FEDORA-2008-6196", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" + }, + { + "name": "34501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34501" + }, + { + "name": "MDVSA-2008:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2887.json b/2008/2xxx/CVE-2008-2887.json index f3422468bde..a1331371a5d 100644 --- a/2008/2xxx/CVE-2008-2887.json +++ b/2008/2xxx/CVE-2008-2887.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5872", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5872" - }, - { - "name" : "29847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29847" - }, - { - "name" : "30811", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30811" - }, - { - "name" : "fubarforum-index-file-include(43228)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in chaozz@work FubarForum 1.5 allows remote attackers to include and 
execute arbitrary local files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fubarforum-index-file-include(43228)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43228" + }, + { + "name": "30811", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30811" + }, + { + "name": "29847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29847" + }, + { + "name": "5872", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5872" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3304.json b/2008/3xxx/CVE-2008-3304.json index 85f634ac032..0b1cca729ab 100644 --- a/2008/3xxx/CVE-2008-3304.json +++ b/2008/3xxx/CVE-2008-3304.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3304", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6073", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6073" - }, - { - "name" : "bilboblog-footer-pagination-info-disclosure(43766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BilboBlog 0.2.1 allows remote attackers to obtain sensitive information via (1) an enable_cache=false query string to footer.php or (2) a direct request to pagination.php, which reveals the installation path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bilboblog-footer-pagination-info-disclosure(43766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43766" + }, + { + "name": "6073", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6073" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3869.json b/2008/3xxx/CVE-2008-3869.json index e54be4ace0f..22e72c232e6 100644 --- a/2008/3xxx/CVE-2008-3869.json +++ b/2008/3xxx/CVE-2008-3869.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-3869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090523 Secunia Research: Sun Solaris \"sadmind\" Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503771/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2008-45/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-45/" - }, - { - "name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm" - }, 
- { - "name" : "259468", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1" - }, - { - "name" : "35083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35083" - }, - { - "name" : "54663", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/54663" - }, - { - "name" : "oval:org.mitre.oval:def:5347", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5347" - }, - { - "name" : "1022275", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022275" - }, - { - "name" : "32473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32473" - }, - { - "name" : "35191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35191" - }, - { - "name" : "ADV-2009-1409", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32473" + }, + { + "name": "oval:org.mitre.oval:def:5347", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5347" + }, + { + "name": "ADV-2009-1409", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1409" + }, + { + "name": "1022275", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022275" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-195.htm" + }, + { + "name": "54663", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/54663" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116455-02-1" + }, + { + "name": "20090523 Secunia Research: Sun Solaris \"sadmind\" Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503771/100/0/threaded" + }, + { + "name": "35191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35191" + }, + { + "name": "http://secunia.com/secunia_research/2008-45/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-45/" + }, + { + "name": "259468", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259468-1" + }, + { + "name": "35083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35083" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3976.json b/2008/3xxx/CVE-2008-3976.json index 95bd8320719..3234c843853 100644 
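Review bot: The `"ASSIGNER"` value in this hunk changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, a change to the record's provenance that sits inside what is otherwise a re-indentation and a reordering of `reference_data`. The CVE-2008-3976.json hunk does the same with `"ASSIGNER": "secalert_us@oracle.com"`. The commit subject mentions neither, so anyone diffing records for meaningful changes has to pick these two lines out of the whitespace noise. Committing the formatting separately from the data changes, or naming the ASSIGNER updates in the message, would make them auditable. Consumers should also not rely on the order of `reference_data`, since the entries are the same but reshuffled here.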
--- a/2008/3xxx/CVE-2008-3976.json +++ b/2008/3xxx/CVE-2008-3976.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-3413 and CVE-2009-3414." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021050" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-database-spatial-priv-escalation(45882)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-3413 and CVE-2009-3414." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "oracle-database-spatial-priv-escalation(45882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45882" + }, + { + "name": "1021050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021050" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6000.json b/2008/6xxx/CVE-2008-6000.json index c8f7db6b3c6..0286e2ab499 100644 --- a/2008/6xxx/CVE-2008-6000.json +++ b/2008/6xxx/CVE-2008-6000.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trapkit.de/advisories/TKADV2008-008.txt", - "refsource" : "MISC", - "url" : "http://trapkit.de/advisories/TKADV2008-008.txt" - }, - { - "name" : "31246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31246" - }, - { - "name" : "ADV-2008-2636", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2636" - }, - { - "name" : "31941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31941" - }, - { - "name" : "gdata-gdtdiicpt-privilege-escalation(45249)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/45249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity 2008, and TotalCare 2008 populates kernel registers with IOCTL 0x8317001c input values, which allows local users to cause a denial of service (system crash) or gain privileges via a crafted IOCTL request, as demonstrated by execution of the KeSetEvent function with modified register contents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gdata-gdtdiicpt-privilege-escalation(45249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45249" + }, + { + "name": "31941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31941" + }, + { + "name": "http://trapkit.de/advisories/TKADV2008-008.txt", + "refsource": "MISC", + "url": "http://trapkit.de/advisories/TKADV2008-008.txt" + }, + { + "name": "31246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31246" + }, + { + "name": "ADV-2008-2636", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2636" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6367.json b/2008/6xxx/CVE-2008-6367.json index 784af6fd9bb..09864d6ff16 100644 --- a/2008/6xxx/CVE-2008-6367.json +++ b/2008/6xxx/CVE-2008-6367.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7435", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7435" - }, - { - "name" : "33125", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Photos/create_album.php in Social Groupie allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in Member_images/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7435", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7435" + }, + { + "name": "33125", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33125" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6802.json b/2008/6xxx/CVE-2008-6802.json index eb2b5a77006..127f0b748fd 100644 --- a/2008/6xxx/CVE-2008-6802.json +++ b/2008/6xxx/CVE-2008-6802.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/31850/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/31850/exploit" - }, - { - "name" : "31850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. 
NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/31850/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/31850/exploit" + }, + { + "name": "31850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31850" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7074.json b/2008/7xxx/CVE-2008-7074.json index 5d62d7cf6c5..168fa5363e3 100644 --- a/2008/7xxx/CVE-2008-7074.json +++ b/2008/7xxx/CVE-2008-7074.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled \"when displaying the signon message.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7249", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7249" - }, - { - "name" : "http://memecode.com/site/ver.php?id=264", - "refsource" : "CONFIRM", - "url" : "http://memecode.com/site/ver.php?id=264" - }, - { - "name" : "32497", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32497" - }, - { - "name" : "50232", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50232" - }, - { - "name" : "32906", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32906" - }, - { - "name" : "iscribe-smtp-format-string(46970)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/46970" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled \"when displaying the signon message.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://memecode.com/site/ver.php?id=264", + "refsource": "CONFIRM", + "url": "http://memecode.com/site/ver.php?id=264" + }, + { + "name": "iscribe-smtp-format-string(46970)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46970" + }, + { + "name": "32906", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32906" + }, + { + "name": "7249", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7249" + }, + { + "name": "50232", + "refsource": "OSVDB", + "url": "http://osvdb.org/50232" + }, + { + "name": "32497", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32497" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7118.json b/2008/7xxx/CVE-2008-7118.json index 46430c5a64a..8b24652f92f 100644 --- a/2008/7xxx/CVE-2008-7118.json +++ b/2008/7xxx/CVE-2008-7118.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6339", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6339" - }, - { - "name" : "30945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30945" - }, - { - "name" : "webid-cron-info-disclosure(44820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webid-cron-info-disclosure(44820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44820" + }, + { + "name": "6339", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6339" + }, + { + "name": "30945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30945" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5433.json b/2012/5xxx/CVE-2012-5433.json index 793f6f9cefc..074baf424d0 100644 --- a/2012/5xxx/CVE-2012-5433.json +++ b/2012/5xxx/CVE-2012-5433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5900.json b/2012/5xxx/CVE-2012-5900.json index 7edf5d07606..4fc24e24a07 100644 --- a/2012/5xxx/CVE-2012-5900.json +++ b/2012/5xxx/CVE-2012-5900.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18687", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18687" - }, - { - "name" : "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "http://vulnerability-lab.com/get_content.php?id=485", - "refsource" : "MISC", - "url" : "http://vulnerability-lab.com/get_content.php?id=485" - }, - { - "name" : "80796", - "refsource" : "OSVDB", - "url" : 
"http://osvdb.org/80796" - }, - { - "name" : "80797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80797" - }, - { - "name" : "80798", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80798" - }, - { - "name" : "48661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80798", + "refsource": "OSVDB", + "url": "http://osvdb.org/80798" + }, + { + "name": "48661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48661" + }, + { + "name": "http://vulnerability-lab.com/get_content.php?id=485", + "refsource": "MISC", + "url": "http://vulnerability-lab.com/get_content.php?id=485" + }, + { + "name": "80796", + "refsource": "OSVDB", + "url": "http://osvdb.org/80796" + }, + { + "name": "80797", + "refsource": "OSVDB", + "url": "http://osvdb.org/80797" + }, + { + "name": "18687", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18687" + }, + { + "name": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11059.json b/2017/11xxx/CVE-2017-11059.json index 7a0d7594a71..dbea72ee8ae 100644 --- a/2017/11xxx/CVE-2017-11059.json +++ b/2017/11xxx/CVE-2017-11059.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different 
threads during SHA operations may potentially lead to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11078.json b/2017/11xxx/CVE-2017-11078.json index 6e0157b2a45..3f509718dc9 100644 --- a/2017/11xxx/CVE-2017-11078.json +++ b/2017/11xxx/CVE-2017-11078.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-11078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-11078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android 
releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11149.json b/2017/11xxx/CVE-2017-11149.json index 35406cb61ac..af3a9392e1c 100644 --- a/2017/11xxx/CVE-2017-11149.json +++ b/2017/11xxx/CVE-2017-11149.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-08-11T00:00:00", - "ID" : "CVE-2017-11149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Download Station", - "version" : { - "version_data" : [ - { - "version_value" : "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Server-Side Request Forgery (CWE-918)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-08-11T00:00:00", + "ID": "CVE-2017-11149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Download Station", + "version": { + "version_data": [ + { + "version_value": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server-side request forgery (SSRF) 
vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Server-Side Request Forgery (CWE-918)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11175.json b/2017/11xxx/CVE-2017-11175.json index 5341527c660..a4363f04813 100644 --- a/2017/11xxx/CVE-2017-11175.json +++ b/2017/11xxx/CVE-2017-11175.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", - "refsource" : "MISC", - "url" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", + "refsource": "MISC", + "url": "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11531.json b/2017/11xxx/CVE-2017-11531.json index 57e7a16fcd4..9646800c02a 100644 --- a/2017/11xxx/CVE-2017-11531.json +++ b/2017/11xxx/CVE-2017-11531.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/566", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/566" - }, - { - "name" : "99998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/566", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/566" + }, + { + "name": "99998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99998" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11603.json b/2017/11xxx/CVE-2017-11603.json index f9632f28092..f536b2749ef 100644 --- a/2017/11xxx/CVE-2017-11603.json +++ b/2017/11xxx/CVE-2017-11603.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11603", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11603", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14409.json b/2017/14xxx/CVE-2017-14409.json index fcd7cac43aa..4332f16b3a1 100644 --- a/2017/14xxx/CVE-2017-14409.json +++ b/2017/14xxx/CVE-2017-14409.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14527.json b/2017/14xxx/CVE-2017-14527.json index 10bd39995fc..39314b8cc81 100644 --- a/2017/14xxx/CVE-2017-14527.json +++ b/2017/14xxx/CVE-2017-14527.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/58" - }, - { - "name" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/58" + }, + { + "name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", + "refsource": "CONFIRM", + "url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14754.json b/2017/14xxx/CVE-2017-14754.json index ac086846972..9f7a5096d19 100644 --- a/2017/14xxx/CVE-2017-14754.json +++ b/2017/14xxx/CVE-2017-14754.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Sep/92", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/92" - }, - { - "name" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", - "refsource" : "MISC", - "url" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenText Document Sciences xPression (formerly EMC Document 
Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Sep/92", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/92" + }, + { + "name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", + "refsource": "MISC", + "url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14821.json b/2017/14xxx/CVE-2017-14821.json index 01ef712375a..38c7ca94cad 100644 --- a/2017/14xxx/CVE-2017-14821.json +++ b/2017/14xxx/CVE-2017-14821.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1.21155" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1.21155" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-865", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-865" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the xTsiz member of SIZ markers. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5013." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-865", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-865" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14958.json b/2017/14xxx/CVE-2017-14958.json index b63b54fa7bc..b870f4040dd 100644 --- a/2017/14xxx/CVE-2017-14958.json +++ b/2017/14xxx/CVE-2017-14958.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14958", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/pivot-weblog/code/4490/", - "refsource" : "CONFIRM", - "url" : "https://sourceforge.net/p/pivot-weblog/code/4490/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/pivot-weblog/code/4490/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/pivot-weblog/code/4490/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15363.json b/2017/15xxx/CVE-2017-15363.json index 9d3f99ab3a2..04850079659 100644 --- a/2017/15xxx/CVE-2017-15363.json +++ b/2017/15xxx/CVE-2017-15363.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://extensions.typo3.org/extension/download/restler/1.7.1/zip/", - "refsource" : "MISC", - "url" : "https://extensions.typo3.org/extension/download/restler/1.7.1/zip/" - }, - { - "name" : "https://extensions.typo3.org/extension/restler/", - "refsource" : "MISC", - "url" : "https://extensions.typo3.org/extension/restler/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote 
attackers to read arbitrary files via the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://extensions.typo3.org/extension/restler/", + "refsource": "MISC", + "url": "https://extensions.typo3.org/extension/restler/" + }, + { + "name": "https://extensions.typo3.org/extension/download/restler/1.7.1/zip/", + "refsource": "MISC", + "url": "https://extensions.typo3.org/extension/download/restler/1.7.1/zip/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15526.json b/2017/15xxx/CVE-2017-15526.json index 161667f8a4d..b4d84360ea7 100644 --- a/2017/15xxx/CVE-2017-15526.json +++ b/2017/15xxx/CVE-2017-15526.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-15526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Endpoint Encryption", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to SEE v11.1.3MP1" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Null Pointer De-reference" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-15526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Encryption", + "version": { + "version_data": [ + { + "version_value": "Prior to SEE v11.1.3MP1" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00" - }, - { - "name" : "101698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101698" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null Pointer De-reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00" + }, + { + "name": "101698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101698" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15537.json b/2017/15xxx/CVE-2017-15537.json index f9143d4148e..dd38c6d848d 100644 --- a/2017/15xxx/CVE-2017-15537.json +++ b/2017/15xxx/CVE-2017-15537.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5" - }, - { - "name" : 
"https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e", + "refsource": "CONFIRM", + "url": 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15888.json b/2017/15xxx/CVE-2017-15888.json index 822fe6e2444..a3ca80c4d0b 100644 --- a/2017/15xxx/CVE-2017-15888.json +++ b/2017/15xxx/CVE-2017-15888.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-10-30T00:00:00", - "ID" : "CVE-2017-15888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology Audio Station", - "version" : { - "version_data" : [ - { - "version_value" : "before 6.3.0-3260" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-10-30T00:00:00", + "ID": "CVE-2017-15888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology Audio Station", + "version": { + "version_data": [ + { + "version_value": "before 6.3.0-3260" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_61_Audio_Station", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_61_Audio_Station" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio 
Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_61_Audio_Station", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_61_Audio_Station" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15978.json b/2017/15xxx/CVE-2017-15978.json index 6d6acc9056a..0e82ff214d0 100644 --- a/2017/15xxx/CVE-2017-15978.json +++ b/2017/15xxx/CVE-2017-15978.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43081", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43081/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43081", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43081/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8627.json b/2017/8xxx/CVE-2017-8627.json index 4204d3dbf22..f3b89d64aec 100644 --- a/2017/8xxx/CVE-2017-8627.json 
+++ b/2017/8xxx/CVE-2017-8627.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Subsystem for Linux", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka \"Windows Subsystem for Linux Denial of Service Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Subsystem for Linux", + "version": { + "version_data": [ + { + "version_value": "Windows 10 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627" - }, - { - "name" : "100065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100065" - }, - { - "name" : "1039103", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka \"Windows Subsystem for Linux Denial of Service Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8627" + }, + { + "name": "100065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100065" + }, + { + "name": "1039103", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039103" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8701.json b/2017/8xxx/CVE-2017-8701.json index c63b58e797e..b055db501d7 100644 --- a/2017/8xxx/CVE-2017-8701.json +++ b/2017/8xxx/CVE-2017-8701.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8761.json b/2017/8xxx/CVE-2017-8761.json index 8db0a2e8d1b..956937a8ec5 100644 --- a/2017/8xxx/CVE-2017-8761.json +++ b/2017/8xxx/CVE-2017-8761.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8761", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8761", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8802.json b/2017/8xxx/CVE-2017-8802.json index 51c8d14a6e5..f36bd568deb 100644 --- a/2017/8xxx/CVE-2017-8802.json +++ b/2017/8xxx/CVE-2017-8802.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the \"Show Snippet\" functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180111 CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541661/100/0/threaded" - }, - { - "name" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt", - "refsource" : "MISC", - "url" : "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt" - }, - { - "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=107925", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=107925" - }, - { - "name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", - 
"refsource" : "CONFIRM", - "url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the \"Show Snippet\" functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=107925", + "refsource": "CONFIRM", + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107925" + }, + { + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "CONFIRM", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt", + "refsource": "MISC", + "url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt" + }, + { + "name": "20180111 CVE-2017-8802 Zimbra Collaboration Suite - Stored Cross-Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541661/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8899.json b/2017/8xxx/CVE-2017-8899.json index d66aaeb82c7..2676fe7c3ff 100644 --- a/2017/8xxx/CVE-2017-8899.json +++ b/2017/8xxx/CVE-2017-8899.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zeroday.insecurity.zone/exploits/ipb_owned.txt", - "refsource" : "MISC", - "url" : "http://zeroday.insecurity.zone/exploits/ipb_owned.txt" - }, - { - "name" : "https://twitter.com/insecurity/status/862154908895780864", - "refsource" : "MISC", - "url" : "https://twitter.com/insecurity/status/862154908895780864" - }, - { - "name" : "https://twitter.com/sxcurity/status/862284967715381248", - "refsource" : "MISC", - "url" : 
"https://twitter.com/sxcurity/status/862284967715381248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The primary cause is the ability to upload an SVG document with a crafted attribute such an onload; however, full path disclosure is required for exploitation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://zeroday.insecurity.zone/exploits/ipb_owned.txt", + "refsource": "MISC", + "url": "http://zeroday.insecurity.zone/exploits/ipb_owned.txt" + }, + { + "name": "https://twitter.com/insecurity/status/862154908895780864", + "refsource": "MISC", + "url": "https://twitter.com/insecurity/status/862154908895780864" + }, + { + "name": "https://twitter.com/sxcurity/status/862284967715381248", + "refsource": "MISC", + "url": "https://twitter.com/sxcurity/status/862284967715381248" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8904.json b/2017/8xxx/CVE-2017-8904.json index f63e2e83181..1736b4db39e 100644 --- a/2017/8xxx/CVE-2017-8904.json +++ b/2017/8xxx/CVE-2017-8904.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Xen through 4.8.x mishandles the \"contains segment descriptors\" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/", - "refsource" : "CONFIRM", - "url" : "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-214.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-214.html" - }, - { - "name" : "GLSA-201705-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-11" - }, - { - "name" : "98428", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98428" - }, - { - "name" : "1038387", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038387" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Xen through 4.8.x mishandles the \"contains segment descriptors\" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-11" + }, + { + "name": "98428", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98428" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-214.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-214.html" + }, + { + "name": "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/", + "refsource": "CONFIRM", + "url": "https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215/" + }, + { + "name": "1038387", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038387" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12096.json b/2018/12xxx/CVE-2018-12096.json index e4111e2ab68..a57870980b6 100644 --- a/2018/12xxx/CVE-2018-12096.json +++ b/2018/12xxx/CVE-2018-12096.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180614 liblnk 20180419 vulns", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jun/33" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. 
NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180614 liblnk 20180419 vulns", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jun/33" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12137.json b/2018/12xxx/CVE-2018-12137.json index 3c67391c170..517aec32b9b 100644 --- a/2018/12xxx/CVE-2018-12137.json +++ b/2018/12xxx/CVE-2018-12137.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12137", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12137", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12375.json b/2018/12xxx/CVE-2018-12375.json index 8dcdc7b142e..84da6823d4a 100644 --- a/2018/12xxx/CVE-2018-12375.json +++ b/2018/12xxx/CVE-2018-12375.json 
@@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "62" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 62" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "62" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1478849%2C1433502%2C1480965%2C894215%2C1462693%2C1475431%2C1461027", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1478849%2C1433502%2C1480965%2C894215%2C1462693%2C1475431%2C1461027" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-20/" - }, - { - "name" : "USN-3761-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3761-1/" - }, - { - "name" : 
"105276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105276" - }, - { - "name" : "1041610", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041610" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs present in Firefox 61. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 62" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-20/" + }, + { + "name": "1041610", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041610" + }, + { + "name": "105276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105276" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1478849%2C1433502%2C1480965%2C894215%2C1462693%2C1475431%2C1461027", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1478849%2C1433502%2C1480965%2C894215%2C1462693%2C1475431%2C1461027" + }, + { + "name": "USN-3761-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3761-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13340.json b/2018/13xxx/CVE-2018-13340.json index 8897308ee9e..cba99615388 100644 --- a/2018/13xxx/CVE-2018-13340.json +++ b/2018/13xxx/CVE-2018-13340.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gleez/cms/issues/795", - "refsource" : "MISC", - "url" : "https://github.com/gleez/cms/issues/795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gleez/cms/issues/795", + "refsource": "MISC", + "url": "https://github.com/gleez/cms/issues/795" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13549.json b/2018/13xxx/CVE-2018-13549.json index f6e8a6e4f3b..8952c532685 100644 
--- a/2018/13xxx/CVE-2018-13549.json +++ b/2018/13xxx/CVE-2018-13549.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NeuroToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NeuroToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for NeuroToken, an Ethereum token, has 
an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NeuroToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NeuroToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13741.json b/2018/13xxx/CVE-2018-13741.json index 429205aeda6..5b9a9e4ebd6 100644 --- a/2018/13xxx/CVE-2018-13741.json +++ b/2018/13xxx/CVE-2018-13741.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ABLGenesisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ABLGenesisToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ABLGenesisToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ABLGenesisToken, an 
Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ABLGenesisToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ABLGenesisToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13786.json b/2018/13xxx/CVE-2018-13786.json index b7072038d9b..1283222d260 100644 --- a/2018/13xxx/CVE-2018-13786.json +++ b/2018/13xxx/CVE-2018-13786.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13786", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13786", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16204.json b/2018/16xxx/CVE-2018-16204.json index b5368251d9a..5b0b3786b60 100644 --- a/2018/16xxx/CVE-2018-16204.json +++ b/2018/16xxx/CVE-2018-16204.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google XML Sitemaps", - "version" : { - "version_data" : [ - { - "version_value" : "Version 4.0.9 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Arne Brachhold" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google XML Sitemaps", + "version": { + "version_data": [ + { + "version_value": "Version 4.0.9 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Arne Brachhold" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://wordpress.org/plugins/google-sitemap-generator/#developers", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/google-sitemap-generator/#developers" - }, - { - "name" : "JVN#27052429", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN27052429/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Google XML Sitemaps Version 4.0.9 and earlier allows remote authenticated attackers to inject arbitrary web 
script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/google-sitemap-generator/#developers", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/google-sitemap-generator/#developers" + }, + { + "name": "JVN#27052429", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN27052429/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16792.json b/2018/16xxx/CVE-2018-16792.json index 4734609194d..f6d960dac8e 100644 --- a/2018/16xxx/CVE-2018-16792.json +++ b/2018/16xxx/CVE-2018-16792.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181201 SolarWinds SFTP Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Dec/0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181201 SolarWinds SFTP Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Dec/0" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16812.json b/2018/16xxx/CVE-2018-16812.json index 96cc7858470..ea1c0edc107 100644 --- a/2018/16xxx/CVE-2018-16812.json +++ b/2018/16xxx/CVE-2018-16812.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16812", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16812", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17513.json b/2018/17xxx/CVE-2018-17513.json index 9146491d61d..347fb3dc2b5 100644 --- a/2018/17xxx/CVE-2018-17513.json +++ b/2018/17xxx/CVE-2018-17513.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17513", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17513", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4360.json b/2018/4xxx/CVE-2018-4360.json index 3e2d946b6a4..12289d7c3d9 100644 --- a/2018/4xxx/CVE-2018-4360.json +++ b/2018/4xxx/CVE-2018-4360.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4360", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4360", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4466.json b/2018/4xxx/CVE-2018-4466.json index 36d29501e41..9cf2b886e31 100644 --- a/2018/4xxx/CVE-2018-4466.json +++ b/2018/4xxx/CVE-2018-4466.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4466", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4466", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4577.json b/2018/4xxx/CVE-2018-4577.json index 6e4c55aac33..f96922f1b2b 100644 --- a/2018/4xxx/CVE-2018-4577.json +++ b/2018/4xxx/CVE-2018-4577.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4577", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4577", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4898.json b/2018/4xxx/CVE-2018-4898.json index d3d3bdcbb5c..7fa8eb2ad68 100644 --- a/2018/4xxx/CVE-2018-4898.json +++ b/2018/4xxx/CVE-2018-4898.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4898",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds write"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4898",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
- },
- {
- "name" : "102994",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/102994"
- },
- {
- "name" : "1040364",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040364"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
+ },
+ {
+ "name": "1040364",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040364"
+ },
+ {
+ "name": "102994",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/102994"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/4xxx/CVE-2018-4964.json b/2018/4xxx/CVE-2018-4964.json
index 21fe9167695..27d9eeca74a 100644
--- a/2018/4xxx/CVE-2018-4964.json
+++ b/2018/4xxx/CVE-2018-4964.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-4964",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-4964",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
- },
- {
- "name" : "104175",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/104175"
- },
- {
- "name" : "1040920",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1040920"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
+ },
+ {
+ "name": "1040920",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1040920"
+ },
+ {
+ "name": "104175",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/104175"
+ }
+ ]
+ }
+}
\ No newline at end of file