From 81bedd82e42984041fadab88bd94a2a43ad665d2 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 04:53:58 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1309.json | 200 +++++++-------- 2003/1xxx/CVE-2003-1349.json | 160 ++++++------ 2004/0xxx/CVE-2004-0078.json | 250 +++++++++---------- 2004/0xxx/CVE-2004-0176.json | 370 +++++++++++++-------------- 2004/0xxx/CVE-2004-0546.json | 34 +-- 2004/0xxx/CVE-2004-0872.json | 150 +++++------ 2004/0xxx/CVE-2004-0945.json | 140 +++++------ 2004/1xxx/CVE-2004-1108.json | 160 ++++++------ 2004/1xxx/CVE-2004-1257.json | 130 +++++----- 2004/2xxx/CVE-2004-2216.json | 170 ++++++------- 2004/2xxx/CVE-2004-2346.json | 130 +++++----- 2004/2xxx/CVE-2004-2615.json | 150 +++++------ 2008/2xxx/CVE-2008-2284.json | 140 +++++------ 2008/2xxx/CVE-2008-2518.json | 170 ++++++------- 2008/2xxx/CVE-2008-2936.json | 440 ++++++++++++++++----------------- 2008/2xxx/CVE-2008-2972.json | 150 +++++------ 2008/6xxx/CVE-2008-6072.json | 180 +++++++------- 2008/6xxx/CVE-2008-6097.json | 170 ++++++------- 2008/6xxx/CVE-2008-6152.json | 150 +++++------ 2008/6xxx/CVE-2008-6895.json | 130 +++++----- 2012/1xxx/CVE-2012-1196.json | 160 ++++++------ 2012/5xxx/CVE-2012-5050.json | 170 ++++++------- 2012/5xxx/CVE-2012-5306.json | 170 ++++++------- 2012/5xxx/CVE-2012-5604.json | 130 +++++----- 2012/5xxx/CVE-2012-5655.json | 170 ++++++------- 2012/5xxx/CVE-2012-5915.json | 130 +++++----- 2017/11xxx/CVE-2017-11123.json | 34 +-- 2017/11xxx/CVE-2017-11132.json | 120 ++++----- 2017/11xxx/CVE-2017-11513.json | 34 +-- 2017/11xxx/CVE-2017-11782.json | 142 +++++------ 2017/15xxx/CVE-2017-15002.json | 34 +-- 2017/15xxx/CVE-2017-15387.json | 170 ++++++------- 2017/15xxx/CVE-2017-15842.json | 122 ++++----- 2017/15xxx/CVE-2017-15859.json | 132 +++++----- 2017/3xxx/CVE-2017-3109.json | 140 +++++------ 2017/3xxx/CVE-2017-3329.json | 168 ++++++------- 2017/3xxx/CVE-2017-3403.json | 166 ++++++------- 2017/3xxx/CVE-2017-3408.json | 166 ++++++------- 2017/8xxx/CVE-2017-8009.json | 34 +-- 2017/8xxx/CVE-2017-8084.json | 34 
+-- 2017/8xxx/CVE-2017-8329.json | 34 +-- 2017/8xxx/CVE-2017-8467.json | 142 +++++------ 2018/10xxx/CVE-2018-10035.json | 34 +-- 2018/12xxx/CVE-2018-12329.json | 120 ++++----- 2018/12xxx/CVE-2018-12912.json | 130 +++++----- 2018/13xxx/CVE-2018-13306.json | 120 ++++----- 2018/13xxx/CVE-2018-13433.json | 120 ++++----- 2018/13xxx/CVE-2018-13964.json | 34 +-- 2018/16xxx/CVE-2018-16743.json | 120 ++++----- 2018/16xxx/CVE-2018-16994.json | 34 +-- 2018/17xxx/CVE-2018-17042.json | 130 +++++----- 2018/17xxx/CVE-2018-17180.json | 34 +-- 2018/17xxx/CVE-2018-17639.json | 130 +++++----- 2018/17xxx/CVE-2018-17675.json | 130 +++++----- 2018/17xxx/CVE-2018-17720.json | 34 +-- 2018/17xxx/CVE-2018-17915.json | 122 ++++----- 56 files changed, 3734 insertions(+), 3734 deletions(-) diff --git a/2003/1xxx/CVE-2003-1309.json b/2003/1xxx/CVE-2003-1309.json index aca179cda2f..c380a9003a6 100644 --- a/2003/1xxx/CVE-2003-1309.json +++ b/2003/1xxx/CVE-2003-1309.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka \"Device Driver Attack\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html" - }, - { - "name" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt", - "refsource" : "MISC", - "url" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt" - }, - { - "name" : "http://sec-labs.hack.pl/papers/win32ddc.php", - "refsource" : "MISC", - "url" : "http://sec-labs.hack.pl/papers/win32ddc.php" - }, - { - "name" : "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html", - "refsource" : "CONFIRM", - "url" : 
"http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html" - }, - { - "name" : "8342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8342" - }, - { - "name" : "2375", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2375" - }, - { - "name" : "4362", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4362" - }, - { - "name" : "9459", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9459" - }, - { - "name" : "device-driver-gain-privileges(12824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka \"Device Driver Attack\")." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4362", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4362" + }, + { + "name": "8342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8342" + }, + { + "name": "device-driver-gain-privileges(12824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824" + }, + { + "name": "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html", + "refsource": "CONFIRM", + "url": "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html" + }, + { + "name": "http://sec-labs.hack.pl/papers/win32ddc.php", + "refsource": "MISC", + "url": "http://sec-labs.hack.pl/papers/win32ddc.php" + }, + { + "name": "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt", + "refsource": "MISC", + "url": "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt" + }, + { + "name": "2375", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2375" + }, + { + "name": "9459", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9459" + }, + { + "name": "20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1349.json b/2003/1xxx/CVE-2003-1349.json index 1510e8cb637..6717c92972b 100644 --- a/2003/1xxx/CVE-2003-1349.json +++ b/2003/1xxx/CVE-2003-1349.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a \"\\..\" (backslash dot dot) in the CD (CWD) command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html" - }, - { - "name" : "6648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6648" - }, - { - "name" : "1005923", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005923" - }, - { - "name" : "7879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7879" - }, - { - "name" : "niteserver-dotdot-directory-traversal(11062)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a \"\\..\" (backslash dot dot) in the CD (CWD) command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7879" + }, + { + "name": "20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html" + }, + { + "name": "1005923", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005923" + }, + { + "name": "niteserver-dotdot-directory-traversal(11062)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11062" + }, + { + "name": "6648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6648" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0078.json b/2004/0xxx/CVE-2004-0078.json index c05969b89df..8a5568c89ff 100644 --- a/2004/0xxx/CVE-2004-0078.json +++ b/2004/0xxx/CVE-2004-0078.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0078", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0078", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040211 Mutt-1.4.2 fixes buffer overflow.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107651677817933&w=2" - }, - { - "name" : "CSSA-2004-013.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt" - }, - { - "name" : "RHSA-2004:050", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-050.html" - }, - { - "name" : "RHSA-2004:051", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-051.html" - }, - { - "name" : "MDKSA-2004:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010" - }, - { - "name" : 
"SSA:2004-043", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053" - }, - { - "name" : "http://bugs.debian.org/126336", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/126336" - }, - { - "name" : "20040215 LNSA-#2004-0001: mutt remote crash", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107696262905039&w=2" - }, - { - "name" : "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107884956930903&w=2" - }, - { - "name" : "mutt-index-menu-bo(15134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134" - }, - { - "name" : "9641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9641" - }, - { - "name" : "3918", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3918" - }, - { - "name" : "oval:org.mitre.oval:def:811", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811" - }, - { - "name" : "oval:org.mitre.oval:def:838", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2004-043", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053" + }, + { + "name": "http://bugs.debian.org/126336", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/126336" + }, + { + "name": "20040215 LNSA-#2004-0001: mutt remote crash", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107696262905039&w=2" + }, + { + "name": "RHSA-2004:051", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-051.html" + }, + { + "name": "oval:org.mitre.oval:def:811", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811" + }, + { + "name": "mutt-index-menu-bo(15134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15134" + }, + { + "name": "oval:org.mitre.oval:def:838", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838" + }, + { + "name": "9641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9641" + }, + { + "name": "20040211 Mutt-1.4.2 fixes buffer overflow.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107651677817933&w=2" + }, + { + "name": "RHSA-2004:050", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-050.html" + }, + { + "name": "20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107884956930903&w=2" + }, + { + "name": "3918", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3918" + }, + { + "name": "MDKSA-2004:010", + "refsource": "MANDRAKE", + "url": 
"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010" + }, + { + "name": "CSSA-2004-013.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0176.json b/2004/0xxx/CVE-2004-0176.json index 2f40fcaec7c..66f6f723bab 100644 --- a/2004/0xxx/CVE-2004-0176.json +++ b/2004/0xxx/CVE-2004-0176.json 
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108007072215742&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/032004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/032004.html" - }, - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00013.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00013.html" - }, - { - "name" : "DSA-511", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-511" - }, - { - "name" : "20040329 LNSA-#2004-0007: Multiple security problems in 
Ethereal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108058005324316&w=2" - }, - { - "name" : "GLSA-200403-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-07.xml" - }, - { - "name" : "RHSA-2004:136", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-136.html" - }, - { - "name" : "RHSA-2004:137", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-137.html" - }, - { - "name" : "CLA-2004:835", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835" - }, - { - "name" : "MDKSA-2004:024", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:024" - }, - { - "name" : "20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108213710306260&w=2" - }, - { - "name" : "VU#119876", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/119876" - }, - { - "name" : "VU#125156", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/125156" - }, - { - "name" : "VU#433596", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/433596" - }, - { - "name" : "VU#591820", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/591820" - }, - { - "name" : "VU#644886", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/644886" - }, - { - "name" : "VU#659140", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/659140" - }, - { - "name" : "VU#740188", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/740188" - }, - { - "name" : "VU#864884", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/864884" - }, - { - "name" : "VU#931588", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/931588" - }, - { - "name" : "6893", - "refsource" : "OSVDB", - 
"url" : "http://www.osvdb.org/6893" - }, - { - "name" : "oval:org.mitre.oval:def:878", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A878" - }, - { - "name" : "oval:org.mitre.oval:def:887", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A887" - }, - { - "name" : "oval:org.mitre.oval:def:10187", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10187" - }, - { - "name" : "11185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11185" - }, - { - "name" : "ethereal-multiple-dissectors-bo(15569)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#659140", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/659140" + }, + { + "name": "GLSA-200403-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-07.xml" + }, + { + "name": "RHSA-2004:137", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-137.html" + }, + { + "name": "DSA-511", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-511" + }, + { + "name": "RHSA-2004:136", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-136.html" + }, + { + "name": "oval:org.mitre.oval:def:10187", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10187" + }, + { + "name": "11185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11185" + }, + { + "name": "20040329 LNSA-#2004-0007: Multiple security problems in Ethereal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108058005324316&w=2" + }, + { + "name": "http://security.e-matters.de/advisories/032004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/032004.html" + }, + { + "name": "6893", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6893" + }, + { + "name": "CLA-2004:835", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000835" + }, + { + "name": "20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108007072215742&w=2" + }, + { + "name": "VU#864884", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/864884" + }, + { + "name": "oval:org.mitre.oval:def:887", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A887" + }, + { + "name": "VU#119876", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/119876" + }, + { + "name": "VU#433596", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/433596" + }, + { + "name": "VU#591820", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/591820" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00013.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00013.html" + }, + { + "name": "VU#644886", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/644886" + }, + { + "name": "ethereal-multiple-dissectors-bo(15569)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15569" + }, + { + "name": "VU#740188", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/740188" + }, + { + "name": "VU#125156", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/125156" + }, + { + "name": "20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108213710306260&w=2" + }, + { + "name": "VU#931588", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/931588" + }, + { + "name": "oval:org.mitre.oval:def:878", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A878" + }, + { + "name": "MDKSA-2004:024", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:024" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0546.json b/2004/0xxx/CVE-2004-0546.json index 64dacda61d9..a8c0834ba83 100644 --- a/2004/0xxx/CVE-2004-0546.json +++ b/2004/0xxx/CVE-2004-0546.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0546", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0546", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0872.json b/2004/0xxx/CVE-2004-0872.json index 7aebbcb407c..f11a3ae49ce 100644 --- a/2004/0xxx/CVE-2004-0872.json +++ b/2004/0xxx/CVE-2004-0872.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://securityfocus.com/archive/1/375407" - }, - { - "name" : "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", - "refsource" : "MISC", - "url" : "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" - }, - { - "name" : "1011329", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011329" - }, - { - "name" : "web-browser-cookie-session-hijack(17417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka \"Cross Security Boundary Cookie Injection.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011329", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011329" + }, + { + "name": "20040916 wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://securityfocus.com/archive/1/375407" + }, + { + "name": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt", + "refsource": "MISC", + "url": "http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt" + }, + { + "name": "web-browser-cookie-session-hijack(17417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17417" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0945.json b/2004/0xxx/CVE-2004-0945.json index b7689b39918..24d9b7b49af 100644 --- a/2004/0xxx/CVE-2004-0945.json +++ b/2004/0xxx/CVE-2004-0945.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.corsaire.com/advisories/c040817-003.txt", - "refsource" : "MISC", - "url" : "http://www.corsaire.com/advisories/c040817-003.txt" - }, - { - "name" : "http://www.mitel.com/DocController?documentId=14223", - "refsource" : "CONFIRM", - "url" : "http://www.mitel.com/DocController?documentId=14223" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en" + }, + { + "name": "http://www.corsaire.com/advisories/c040817-003.txt", + "refsource": "MISC", + "url": "http://www.corsaire.com/advisories/c040817-003.txt" + }, + { + "name": "http://www.mitel.com/DocController?documentId=14223", + "refsource": "CONFIRM", + "url": "http://www.mitel.com/DocController?documentId=14223" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1108.json b/2004/1xxx/CVE-2004-1108.json index 2f37bc27d41..f660e381749 100644 --- a/2004/1xxx/CVE-2004-1108.json +++ b/2004/1xxx/CVE-2004-1108.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200411-13", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-13.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=68846", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=68846" - }, - { - "name" : "13108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13108/" - }, - { - "name" : "11617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11617" - }, - { - "name" : "gentoolkit-symlink(17968)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17968" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13108/" + }, + { + "name": "gentoolkit-symlink(17968)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17968" + }, + { + "name": "11617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11617" + }, + { + "name": "GLSA-200411-13", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-13.xml" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=68846", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=68846" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1257.json b/2004/1xxx/CVE-2004-1257.json index cd18b4fced2..d813d2a8241 100644 --- a/2004/1xxx/CVE-2004-1257.json +++ b/2004/1xxx/CVE-2004-1257.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/abc2mtex.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/abc2mtex.txt" - }, - { - "name" : "abc2mtex-processabc-bo(18578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "abc2mtex-processabc-bo(18578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18578" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/abc2mtex.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/abc2mtex.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2216.json b/2004/2xxx/CVE-2004-2216.json index 114e5e0ff1d..a03d5b4971f 100644 --- a/2004/2xxx/CVE-2004-2216.json +++ b/2004/2xxx/CVE-2004-2216.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57669", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" - }, - { - "name" : "101589", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" - }, - { - "name" : "11593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11593" - }, - { - "name" : "11383", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11383" - }, - { - "name" : "13072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13072" - }, - { - "name" : "sun-java-web-application-dos(17941)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11383", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11383" + }, + { + "name": "57669", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57669-1" + }, + { + "name": "11593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11593" + }, + { + "name": "101589", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101589-1" + }, + { + "name": "sun-java-web-application-dos(17941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17941" + }, + { + "name": "13072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13072" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2346.json b/2004/2xxx/CVE-2004-2346.json index f2787f6974f..4fca57d25ee 100644 --- a/2004/2xxx/CVE-2004-2346.json +++ b/2004/2xxx/CVE-2004-2346.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Subject field in post1.htm and (2) the File Description field in postfile2.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1008896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Feb/1008896.html" - }, - { - "name" : "forumwebserver-multiple-xss(15018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Subject field in post1.htm and (2) the File Description field in postfile2.htm." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Feb/1008896.html" + }, + { + "name": "forumwebserver-multiple-xss(15018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15018" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2615.json b/2004/2xxx/CVE-2004-2615.json index 9a21a61181a..781498308c8 100644 --- a/2004/2xxx/CVE-2004-2615.json +++ b/2004/2xxx/CVE-2004-2615.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040829 CuteNews News.txt writable to world", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0396.html" - }, - { - "name" : "9385", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9385" - }, - { - "name" : "1011099", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011099" - }, - { - "name" : "cutenews-newstxt-world-writable(17161)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17161" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011099", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011099" + }, + { + "name": "9385", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9385" + }, + { + "name": "20040829 CuteNews News.txt writable to world", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0396.html" + }, + { + "name": "cutenews-newstxt-world-writable(17161)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17161" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2284.json b/2008/2xxx/CVE-2008-2284.json index 09ed8cc711b..2413bbe8c0f 100644 --- a/2008/2xxx/CVE-2008-2284.json +++ b/2008/2xxx/CVE-2008-2284.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29163" - }, - { - "name" : "30178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30178" - }, - { - "name" : "fusebox-fusebox5-file-include(42389)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP 
code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30178" + }, + { + "name": "29163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29163" + }, + { + "name": "fusebox-fusebox5-file-include(42389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42389" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2518.json b/2008/2xxx/CVE-2008-2518.json index fa16b71699f..23aa254b9dd 100644 --- a/2008/2xxx/CVE-2008-2518.json +++ b/2008/2xxx/CVE-2008-2518.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2518", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "236481", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1" - }, - { - "name" : "29355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29355" - }, - { - "name" : "ADV-2008-1649", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1649/references" - }, - { - "name" : "1020110", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020110" - }, - { - "name" : "30381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30381" - }, - { - "name" : 
"javasystem-advancedsearch-xss(42624)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1649", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1649/references" + }, + { + "name": "30381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30381" + }, + { + "name": "javasystem-advancedsearch-xss(42624)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42624" + }, + { + "name": "29355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29355" + }, + { + "name": "236481", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236481-1" + }, + { + "name": "1020110", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020110" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2936.json b/2008/2xxx/CVE-2008-2936.json index 9cda2362a15..3a527e57815 100644 --- a/2008/2xxx/CVE-2008-2936.json +++ b/2008/2xxx/CVE-2008-2936.json 
@@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080814 Postfix local privilege escalation via hardlinked symlinks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495474/100/0/threaded" - }, - { - "name" : "20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495882/100/0/threaded" - }, - { - "name" : "20080821 rPSA-2008-0259-1 postfix", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495632/100/0/threaded" - }, - { 
- "name" : "6337", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6337" - }, - { - "name" : "[postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.mail.postfix.announce/110" - }, - { - "name" : "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY" - }, - { - "name" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY" - }, - { - "name" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY" - }, - { - "name" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0259", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0259" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2689", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2689" - }, - { - "name" : "DSA-1629", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1629" - }, - { - "name" : "FEDORA-2008-8593", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html" - }, - { - "name" : "FEDORA-2008-8595", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html" - }, - { - "name" : "GLSA-200808-12", - 
"refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-12.xml" - }, - { - "name" : "MDVSA-2008:171", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171" - }, - { - "name" : "RHSA-2008:0839", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0839.html" - }, - { - "name" : "SUSE-SA:2008:040", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html" - }, - { - "name" : "USN-636-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/636-1/" - }, - { - "name" : "VU#938323", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/938323" - }, - { - "name" : "30691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30691" - }, - { - "name" : "oval:org.mitre.oval:def:10033", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033" - }, - { - "name" : "ADV-2008-2385", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2385" - }, - { - "name" : "1020700", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020700" - }, - { - "name" : "31485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31485" - }, - { - "name" : "31500", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31500" - }, - { - "name" : "31469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31469" - }, - { - "name" : "31477", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31477" - }, - { - "name" : "31530", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31530" - }, - { - "name" : "31474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31474" - }, - { - "name" : "32231", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32231" - }, - { - "name" : 
"4160", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4160" - }, - { - "name" : "postfix-symlink-code-execution(44460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-8595", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html" + }, + { + "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY", + "refsource": "CONFIRM", + "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.3.15.HISTORY" + }, + { + "name": "32231", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32231" + }, + { + "name": "31469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31469" + }, + { + "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY", + "refsource": "CONFIRM", + "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.5.4.HISTORY" + }, + { + "name": "DSA-1629", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1629" + }, + { + "name": "31530", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31530" + 
}, + { + "name": "FEDORA-2008-8593", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2689", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2689" + }, + { + "name": "1020700", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020700" + }, + { + "name": "20080821 rPSA-2008-0259-1 postfix", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495632/100/0/threaded" + }, + { + "name": "VU#938323", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/938323" + }, + { + "name": "[postfix-announce] 20080814 Postfix local privilege escalation via hardlinked symlinks", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.mail.postfix.announce/110" + }, + { + "name": "4160", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4160" + }, + { + "name": "30691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30691" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0259", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0259" + }, + { + "name": "SUSE-SA:2008:040", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00002.html" + }, + { + "name": "31474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31474" + }, + { + "name": "20080831 PoCfix (PoC for Postfix local root vuln - CVE-2008-2936)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495882/100/0/threaded" + }, + { + "name": "postfix-symlink-code-execution(44460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44460" + }, + { + "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY", + "refsource": "CONFIRM", + "url": 
"ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-2.4.8.HISTORY" + }, + { + "name": "6337", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6337" + }, + { + "name": "RHSA-2008:0839", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0839.html" + }, + { + "name": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY", + "refsource": "CONFIRM", + "url": "ftp://ftp.porcupine.org/mirrors/postfix-release/experimental/postfix-2.6-20080814.HISTORY" + }, + { + "name": "31500", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31500" + }, + { + "name": "oval:org.mitre.oval:def:10033", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10033" + }, + { + "name": "31477", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31477" + }, + { + "name": "31485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31485" + }, + { + "name": "USN-636-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/636-1/" + }, + { + "name": "MDVSA-2008:171", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:171" + }, + { + "name": "20080814 Postfix local privilege escalation via hardlinked symlinks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495474/100/0/threaded" + }, + { + "name": "ADV-2008-2385", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2385" + }, + { + "name": "GLSA-200808-12", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-12.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2972.json b/2008/2xxx/CVE-2008-2972.json index 3fe3150ded3..a8f79557eac 100644 --- a/2008/2xxx/CVE-2008-2972.json +++ b/2008/2xxx/CVE-2008-2972.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5883", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5883" - }, - { - "name" : "29859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29859" - }, - { - "name" : "31123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31123" - }, - { - "name" : "kblance-index-sql-injection(43272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment 
action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5883", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5883" + }, + { + "name": "31123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31123" + }, + { + "name": "kblance-index-sql-injection(43272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43272" + }, + { + "name": "29859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29859" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6072.json b/2008/6xxx/CVE-2008-6072.json index 6b5545422df..d7cd10ec2b9 100644 --- a/2008/6xxx/CVE-2008-6072.json +++ b/2008/6xxx/CVE-2008-6072.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c", - "refsource" : "CONFIRM", - "url" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c" - }, - { - "name" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c", - "refsource" : "CONFIRM", - "url" : "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604785", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604785" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604837", - "refsource" : 
"CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604837" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485" - }, - { - "name" : "29583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29583" - }, - { - "name" : "30549", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604837", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604837" + }, + { + "name": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c", + "refsource": "CONFIRM", + "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/xcf.c" + }, + { + "name": "30549", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30549" + }, + { + "name": "29583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29583" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604837&group_id=73485" + }, + { + "name": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c", + 
"refsource": "CONFIRM", + "url": "http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/cineon.c" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=604785", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=604785" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6097.json b/2008/6xxx/CVE-2008-6097.json index 2095332a882..a9456b51961 100644 --- a/2008/6xxx/CVE-2008-6097.json +++ b/2008/6xxx/CVE-2008-6097.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444" - }, - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html" - }, - { - "name" : "31525", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31525" - }, 
- { - "name" : "48790", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48790" - }, - { - "name" : "32087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32087" - }, - { - "name" : "wikyblog-index-xss(45603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before 1.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to index.php/Special/Main/keywordSearch, (2) revNum parameter to index.php/Edit/Main/Home, (3) to parameter to index.php/Special/Main/WhatLinksHere, (4) user parameter to index.php/Special/Main/UserEdits, and (5) the PATH_INFO to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32087" + }, + { + "name": "wikyblog-index-xss(45603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45603" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?group_id=148518&release_id=647444" + }, + { + "name": "48790", + "refsource": "OSVDB", + "url": "http://osvdb.org/48790" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-wikyblog.html" + }, + { + "name": "31525", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31525" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6152.json b/2008/6xxx/CVE-2008-6152.json index bf486af94d9..2ce19e811f3 100644 --- a/2008/6xxx/CVE-2008-6152.json +++ b/2008/6xxx/CVE-2008-6152.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7610", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7610" - }, - { - "name" : "33040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33040" - }, - { - "name" : "33357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33357" - }, - { - "name" : "lawyerportal-deptdisplay-sql-injection(47621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in 
deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33357" + }, + { + "name": "7610", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7610" + }, + { + "name": "33040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33040" + }, + { + "name": "lawyerportal-deptdisplay-sql-injection(47621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47621" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6895.json b/2008/6xxx/CVE-2008-6895.json index b46a0abfb7c..326f51ac49e 100644 --- a/2008/6xxx/CVE-2008-6895.json +++ b/2008/6xxx/CVE-2008-6895.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081207 Multiple vulnerabilities in 3CX 6.0.806.0", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=122868146707468&w=2" - }, - { - "name" : "3cxphonesystem-unspecified-dos(52450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "3CX Phone System 6.0.806.0 allows remote attackers to cause a denial of service (unstable service or crash) via unspecified vectors, as demonstrated by vulnerability scans from Nessus or SAINT." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3cxphonesystem-unspecified-dos(52450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52450" + }, + { + "name": "20081207 Multiple vulnerabilities in 3CX 6.0.806.0", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=122868146707468&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1196.json b/2012/1xxx/CVE-2012-1196.json index e327a3d395e..6e6f732ab59 100644 --- a/2012/1xxx/CVE-2012-1196.json +++ b/2012/1xxx/CVE-2012-1196.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "52023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52023" - }, - { - "name" : "79277", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79277" - }, - { - "name" : "1026693", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026693" - }, - { - "name" : "47666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47666" - }, - { - "name" : "thinkmanagement-vulcore-dir-traversal(73208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026693", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026693" + }, + { + "name": "52023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52023" + }, + { + "name": "thinkmanagement-vulcore-dir-traversal(73208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73208" + }, + { + "name": "79277", + "refsource": "OSVDB", + "url": "http://osvdb.org/79277" + }, + { + "name": "47666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47666" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5050.json b/2012/5xxx/CVE-2012-5050.json index a4925482b3b..eb3b7c960a9 100644 --- a/2012/5xxx/CVE-2012-5050.json +++ b/2012/5xxx/CVE-2012-5050.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" - }, - { - "name" : "85959", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85959" - }, - { - "name" : "1027612", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027612" - }, - { - "name" : "50795", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50795" - }, - { - "name" : 
"vmware-vcenter-xss(79044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the server in VMware vCenter Operations (aka vCOps) before 5.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" + }, + { + "name": "1027612", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027612" + }, + { + "name": "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" + }, + { + "name": "vmware-vcenter-xss(79044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79044" + }, + { + "name": "85959", + "refsource": "OSVDB", + "url": "http://osvdb.org/85959" + }, + { + "name": "50795", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50795" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5306.json b/2012/5xxx/CVE-2012-5306.json index f77af39c021..0cce4081187 100644 --- a/2012/5xxx/CVE-2012-5306.json +++ b/2012/5xxx/CVE-2012-5306.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0154.html" - }, - { - "name" : "18673", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18673" - }, - { - "name" : "52769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52769" - }, - { - "name" : "80663", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80663" - }, - { - "name" : "48602", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48602" - }, - { - "name" : "csc-dcsclictrl-bo(74447)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "csc-dcsclictrl-bo(74447)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74447" + }, + { + "name": "80663", + "refsource": "OSVDB", + "url": "http://osvdb.org/80663" + }, + { + "name": "18673", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18673" + }, + { + "name": "20120328 D-Link SecuriCam DCS-5605 Network Surveillance ActiveX Control DcsCliCtrl.dll lstrcpyW Remote Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0154.html" + }, + { + "name": "52769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52769" + }, + { + "name": "48602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48602" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5604.json b/2012/5xxx/CVE-2012-5604.json index 35872bac122..f248195438a 100644 --- a/2012/5xxx/CVE-2012-5604.json +++ b/2012/5xxx/CVE-2012-5604.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=882136", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=882136" - }, - { - "name" : "RHSA-2013:0544", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=882136", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=882136" + }, + { + "name": "RHSA-2013:0544", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5655.json b/2012/5xxx/CVE-2012-5655.json index d3f107d0a1e..47a16d531d3 100644 --- a/2012/5xxx/CVE-2012-5655.json +++ b/2012/5xxx/CVE-2012-5655.json 
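Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line only respaces colons and re-indents, so the one semantic edit to the record is easy to miss in an audit; the CVE-2012-5655.json hunk that follows makes the same change. I would put the reassignment in its own commit or name it in the message, for example `Reassign CVE-2012-5604 and CVE-2012-5655 to secalert@redhat.com`, so consumers who track record provenance can tell it apart from formatting. Whether the new assigner is correct cannot be confirmed from the diff, although the Red Hat references in this record are consistent with it. The new side also ends with `\ No newline at end of file`, here and in the other hunks; keeping the final newline would avoid that marker in later diffs.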
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5655", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/20/1" - }, - { - "name" : "http://drupal.org/node/1870550", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1870550" - }, - { - "name" : "http://drupalcode.org/project/context.git/commitdiff/4452bf1", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/context.git/commitdiff/4452bf1" - }, - { - "name" : "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6" - }, - { - "name" : "56993", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56993" - }, - { - "name" : "51517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1870550", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1870550" + }, + { + "name": "http://drupalcode.org/project/context.git/commitdiff/4452bf1", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/context.git/commitdiff/4452bf1" + }, + { + "name": "56993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56993" + }, + { + "name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/20/1" + }, + { + "name": "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/context.git/commitdiff/d8bf8b6" + }, + { + "name": "51517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51517" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5915.json b/2012/5xxx/CVE-2012-5915.json index 132bddc60d0..caf12aadf85 100644 --- a/2012/5xxx/CVE-2012-5915.json +++ b/2012/5xxx/CVE-2012-5915.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html" - }, - { - "name" : "seditio-multiple-information-disclosure(74464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Neocrome Seditio build 161 and earlier allows remote attackers to obtain sensitive information via direct request to (1) view.php, (2) plugins/contact/lang/contact.en.lang.php, (3) system/lang/en/main.lang.php, (4) system/lang/en/message.lang.php, or (5) system/core/view/view.inc.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html" + }, + { + "name": "seditio-multiple-information-disclosure(74464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74464" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11123.json b/2017/11xxx/CVE-2017-11123.json index 59b15f01404..190e1f274ca 100644 --- a/2017/11xxx/CVE-2017-11123.json +++ b/2017/11xxx/CVE-2017-11123.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11123", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11123", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11132.json b/2017/11xxx/CVE-2017-11132.json index 135a4fbce4f..95e19ff9bae 100644 --- a/2017/11xxx/CVE-2017-11132.json +++ b/2017/11xxx/CVE-2017-11132.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11132", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11132", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/90", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/90", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/90" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11513.json b/2017/11xxx/CVE-2017-11513.json index 4e8033e06bb..d105647c7b1 100644 --- a/2017/11xxx/CVE-2017-11513.json +++ b/2017/11xxx/CVE-2017-11513.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11513", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11513", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11782.json b/2017/11xxx/CVE-2017-11782.json index eaa70af440d..c7f711cf778 100644 --- a/2017/11xxx/CVE-2017-11782.json +++ b/2017/11xxx/CVE-2017-11782.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Block Message (SMB)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1607 and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka \"Windows SMB Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Block Message (SMB)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1607 and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782" - }, - { - "name" : "101143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101143" - }, - { - "name" : "1039528", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1039528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka \"Windows SMB Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039528" + }, + { + "name": "101143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101143" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11782" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15002.json b/2017/15xxx/CVE-2017-15002.json index 657f35245f4..a5606d93c66 100644 --- a/2017/15xxx/CVE-2017-15002.json +++ b/2017/15xxx/CVE-2017-15002.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15002", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15002", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15387.json b/2017/15xxx/CVE-2017-15387.json index 887f981ee4a..65848c8cc3e 100644 --- a/2017/15xxx/CVE-2017-15387.json +++ b/2017/15xxx/CVE-2017-15387.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 62.0.3202.62", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 62.0.3202.62" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Policy Enforcement" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 62.0.3202.62", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 62.0.3202.62" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/756040", - "refsource" : "MISC", - "url" : "https://crbug.com/756040" - }, - { - "name" : "DSA-4020", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4020" - }, - { - "name" : "GLSA-201710-24", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201710-24" - }, - { - "name" : "RHSA-2017:2997", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2997" - }, - { - "name" : "101482", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Policy Enforcement" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101482", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101482" + }, + { + "name": "https://crbug.com/756040", + "refsource": "MISC", + "url": "https://crbug.com/756040" + }, + { + "name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" + }, + { + "name": "DSA-4020", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4020" + }, + { + "name": "RHSA-2017:2997", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2997" + }, + { + "name": "GLSA-201710-24", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-24" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15842.json b/2017/15xxx/CVE-2017-15842.json index a7d02d0b055..8b907303b33 100644 --- a/2017/15xxx/CVE-2017-15842.json +++ b/2017/15xxx/CVE-2017-15842.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-05-11T00:00:00", - "ID" : "CVE-2017-15842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free in Audio." - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-05-11T00:00:00", + "ID": "CVE-2017-15842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", - "refsource" : "MISC", - "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free in Audio." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", + "refsource": "MISC", + "url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15859.json b/2017/15xxx/CVE-2017-15859.json index b82b45ef647..dca98afda65 100644 --- a/2017/15xxx/CVE-2017-15859.json +++ b/2017/15xxx/CVE-2017-15859.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2017-15859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2017-15859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + }, + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3109.json b/2017/3xxx/CVE-2017-3109.json index 42e0c36d809..fe083c11083 100644 --- a/2017/3xxx/CVE-2017-3109.json +++ b/2017/3xxx/CVE-2017-3109.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0", + "version": { + "version_data": [ + { + "version_value": "Adobe Experience Manager 6.3, 6.2, 6.1, 6.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html" - }, - { - "name" : "101834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101834" - }, - { - "name" : "1039800", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101834" + }, + { + "name": "1039800", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039800" + }, + { + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3329.json b/2017/3xxx/CVE-2017-3329.json index 7501446d644..a349bd20917 100644 --- a/2017/3xxx/CVE-2017-3329.json +++ b/2017/3xxx/CVE-2017-3329.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.54 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.54 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3834", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3834" - }, - { - "name" : "97763", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97763" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "DSA-3834", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3834" + }, + { + "name": "97763", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97763" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3403.json b/2017/3xxx/CVE-2017-3403.json index e10f80ad3f7..fe883f24d78 100644 --- a/2017/3xxx/CVE-2017-3403.json +++ b/2017/3xxx/CVE-2017-3403.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3408.json b/2017/3xxx/CVE-2017-3408.json index c8d9cc8dff0..3be9ec8d916 100644 --- a/2017/3xxx/CVE-2017-3408.json +++ b/2017/3xxx/CVE-2017-3408.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8009.json b/2017/8xxx/CVE-2017-8009.json index 12539f5e990..3380f187bb9 100644 --- a/2017/8xxx/CVE-2017-8009.json +++ b/2017/8xxx/CVE-2017-8009.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8009", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8009", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8084.json b/2017/8xxx/CVE-2017-8084.json index e8f8e3dafde..522ac3d2903 100644 --- a/2017/8xxx/CVE-2017-8084.json +++ b/2017/8xxx/CVE-2017-8084.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8329.json b/2017/8xxx/CVE-2017-8329.json index 4c26e270376..c167f1bdc48 100644 --- a/2017/8xxx/CVE-2017-8329.json +++ b/2017/8xxx/CVE-2017-8329.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8329", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8329", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8467.json b/2017/8xxx/CVE-2017-8467.json index 9ee6add6a0c..40c321d43f2 100644 --- a/2017/8xxx/CVE-2017-8467.json +++ b/2017/8xxx/CVE-2017-8467.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.", - "version" : { - "version_data" : [ - { - "version_value" : "Graphics" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.", + "version": { + "version_data": [ + { + "version_value": "Graphics" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467" - }, - { - "name" : "99409", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99409" - }, - { - "name" : "1038853", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038853" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99409", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99409" + }, + { + "name": "1038853", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038853" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8467" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10035.json b/2018/10xxx/CVE-2018-10035.json index 746168b3070..5c86045f293 100644 --- a/2018/10xxx/CVE-2018-10035.json +++ b/2018/10xxx/CVE-2018-10035.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10035", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10035", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/12xxx/CVE-2018-12329.json b/2018/12xxx/CVE-2018-12329.json index 8d13bef1c99..1e5bc621314 100644 --- a/2018/12xxx/CVE-2018-12329.json +++ b/2018/12xxx/CVE-2018-12329.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", - "refsource" : "MISC", - "url" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", + "refsource": "MISC", + "url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12912.json b/2018/12xxx/CVE-2018-12912.json index cc258b5b563..604699712fe 100644 --- a/2018/12xxx/CVE-2018-12912.json +++ b/2018/12xxx/CVE-2018-12912.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue wan discovered in admin\\controllers\\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44953", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44953/" - }, - { - "name" : "https://github.com/Neeke/HongCMS/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/Neeke/HongCMS/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue wan discovered in admin\\controllers\\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44953", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44953/" + }, + { + "name": "https://github.com/Neeke/HongCMS/issues/4", + "refsource": "MISC", + "url": "https://github.com/Neeke/HongCMS/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13306.json b/2018/13xxx/CVE-2018-13306.json index a807d8dce2d..9b19e715b70 100644 --- a/2018/13xxx/CVE-2018-13306.json +++ b/2018/13xxx/CVE-2018-13306.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the \"ftpUser\" POST parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the \"ftpUser\" POST parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13433.json b/2018/13xxx/CVE-2018-13433.json index e0ed6c9c5c2..9109404128e 100644 --- a/2018/13xxx/CVE-2018-13433.json +++ b/2018/13xxx/CVE-2018-13433.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BoostIO/Boostnote/issues/2184", - "refsource" : "MISC", - "url" : "https://github.com/BoostIO/Boostnote/issues/2184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Boostnote v0.11.7 allows XSS during highlighting of Markdown text, as demonstrated by an onerror attribute of an IMG element." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BoostIO/Boostnote/issues/2184", + "refsource": "MISC", + "url": "https://github.com/BoostIO/Boostnote/issues/2184" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13964.json b/2018/13xxx/CVE-2018-13964.json index 684cd0c4125..57491e5c6dc 100644 --- a/2018/13xxx/CVE-2018-13964.json +++ b/2018/13xxx/CVE-2018-13964.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13964", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13964", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16743.json b/2018/16xxx/CVE-2018-16743.json index 2041648c487..ec06ff38a52 100644 --- a/2018/16xxx/CVE-2018-16743.json +++ b/2018/16xxx/CVE-2018-16743.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16743", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16994.json b/2018/16xxx/CVE-2018-16994.json index 1f113c6f71e..55b7332e297 100644 --- a/2018/16xxx/CVE-2018-16994.json +++ b/2018/16xxx/CVE-2018-16994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16994", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16994", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17042.json b/2018/17xxx/CVE-2018-17042.json index 201f372303f..c5e3c4b997c 100644 --- a/2018/17xxx/CVE-2018-17042.json +++ b/2018/17xxx/CVE-2018-17042.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bcsanches/dbf2txt/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/bcsanches/dbf2txt/issues/2" - }, - { - "name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop", - "refsource" : "MISC", - "url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bcsanches/dbf2txt/issues/2", + "refsource": "MISC", + "url": "https://github.com/bcsanches/dbf2txt/issues/2" + }, + { + "name": "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop", + "refsource": "MISC", + "url": "https://github.com/grandnew/software-vulnerabilities/tree/master/dbf2txt#infinite-loop" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17180.json b/2018/17xxx/CVE-2018-17180.json index b1138bea887..8bd92d83078 100644 --- a/2018/17xxx/CVE-2018-17180.json +++ b/2018/17xxx/CVE-2018-17180.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17180", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17180", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17639.json b/2018/17xxx/CVE-2018-17639.json index ee895959262..32f203c505e 100644 --- a/2018/17xxx/CVE-2018-17639.json 
+++ b/2018/17xxx/CVE-2018-17639.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17639", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setElement method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6475." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1212/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1212/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setElement method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6475." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1212/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1212/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17675.json b/2018/17xxx/CVE-2018-17675.json index 24fdc532653..c90cd77aa03 100644 --- a/2018/17xxx/CVE-2018-17675.json +++ b/2018/17xxx/CVE-2018-17675.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1194/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1194/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeDataObject method of a document. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6848." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1194/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1194/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17720.json b/2018/17xxx/CVE-2018-17720.json index 1edbd30d847..42731899e27 100644 --- a/2018/17xxx/CVE-2018-17720.json +++ b/2018/17xxx/CVE-2018-17720.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17720", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17720", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17915.json b/2018/17xxx/CVE-2018-17915.json index 0d3de300ca8..9054f2ad555 100644 --- a/2018/17xxx/CVE-2018-17915.json 
+++ b/2018/17xxx/CVE-2018-17915.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-17915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XMeye P2P Cloud Server", - "version" : { - "version_data" : [ - { - "version_value" : "All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Hangzhou Xiongmai Technology Co., Ltd" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-17915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XMeye P2P Cloud Server", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + }, + "vendor_name": "Hangzhou Xiongmai Technology Co., Ltd" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All versions 
of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmware update communication. This could allow an attacker to eavesdrop on video feeds, steal XMeye login credentials, or impersonate the update server with malicious update code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06" + } + ] + } +} \ No newline at end of file