diff --git a/2003/0xxx/CVE-2003-0111.json b/2003/0xxx/CVE-2003-0111.json index d03360ac49d..8617c02efc8 100644 --- a/2003/0xxx/CVE-2003-0111.json +++ b/2003/0xxx/CVE-2003-0111.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka \"Flaw in Microsoft VM Could Enable System Compromise.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011" - }, - { - "name" : "VU#447569", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/447569" - }, - { - "name" : "msvm-bytecode-improper-validation(11751)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11751.php" - }, - { - "name" : "oval:org.mitre.oval:def:136", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka \"Flaw in Microsoft VM Could Enable System Compromise.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "msvm-bytecode-improper-validation(11751)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11751.php" + }, + { + "name": "VU#447569", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/447569" + }, + { + "name": "MS03-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011" + }, + { + "name": "oval:org.mitre.oval:def:136", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0167.json b/2003/0xxx/CVE-2003-0167.json index 18a26e21fa9..45842ce6aed 100644 --- a/2003/0xxx/CVE-2003-0167.json +++ b/2003/0xxx/CVE-2003-0167.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-274", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-274" - }, - { - "name" : "DSA-300", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-300" - }, - { - "name" : "7229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7229" + }, + { + "name": "DSA-274", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-274" + }, + { + "name": "DSA-300", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-300" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1209.json b/2003/1xxx/CVE-2003-1209.json index 9afc5f64852..8452afb3794 100644 --- a/2003/1xxx/CVE-2003-1209.json +++ b/2003/1xxx/CVE-2003-1209.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://monkeyd.sourceforge.net/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://monkeyd.sourceforge.net/Changelog.txt" - }, - { - "name" : "7201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7201" - }, - { - "name" : "monkey-content-type-dos(11650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7201" + }, + { + "name": "http://monkeyd.sourceforge.net/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://monkeyd.sourceforge.net/Changelog.txt" + }, + { + "name": "monkey-content-type-dos(11650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11650" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0481.json b/2004/0xxx/CVE-2004-0481.json index bbad8c9a0c8..ad62b24e0e2 100644 --- a/2004/0xxx/CVE-2004-0481.json +++ b/2004/0xxx/CVE-2004-0481.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050223 Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=206&type=vulnerabilities" - }, - { - "name" : "57706", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57706-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050223 Sun Solaris kcms_configure Arbitrary File Corruption Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=206&type=vulnerabilities" + }, + { + "name": "57706", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57706-1" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0559.json b/2004/0xxx/CVE-2004-0559.json index df86b6de2d2..6e39460dcf1 100644 --- a/2004/0xxx/CVE-2004-0559.json +++ b/2004/0xxx/CVE-2004-0559.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200409-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" - }, - { - "name" : "http://www.webmin.com/uchanges-1.089.html", - "refsource" : "CONFIRM", - "url" : "http://www.webmin.com/uchanges-1.089.html" - }, - { - "name" : "12488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12488/" - }, - { - "name" : "usermin-installation-unspecified(17299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" - }, - { - "name" : "11153", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webmin.com/uchanges-1.089.html", + "refsource": "CONFIRM", + "url": "http://www.webmin.com/uchanges-1.089.html" + }, + { + "name": "11153", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11153" + }, + { + "name": "12488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12488/" + }, + { + "name": "GLSA-200409-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" + }, + { + "name": "usermin-installation-unspecified(17299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0705.json b/2004/0xxx/CVE-2004-0705.json index 58c612b3022..286ad77200d 100644 --- a/2004/0xxx/CVE-2004-0705.json +++ b/2004/0xxx/CVE-2004-0705.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108965446813639&w=2" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=235265", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=235265" - }, - { - "name" : "bugzilla-edit-xss(16670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16670" - }, - { - "name" : "10698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bugzilla-edit-xss(16670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16670" + }, + { + "name": "10698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10698" + }, + { + "name": "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=235265", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=235265" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0997.json b/2004/0xxx/CVE-2004-0997.json index 5dee5be44c7..c4d61fa507f 100644 --- a/2004/0xxx/CVE-2004-0997.json +++ b/2004/0xxx/CVE-2004-0997.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0", - "refsource" : "MISC", - "url" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0" - }, - { - "name" : "http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes", - "refsource" : "CONFIRM", - "url" : "http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "18176", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/18176" - }, - { - "name" : "20162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20162" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes", + "refsource": "CONFIRM", + "url": "http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "20162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20162" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0", + "refsource": "MISC", + "url": "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2004-0997?op=file&rev=0&sc=0" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "18176", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/18176" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1094.json b/2004/1xxx/CVE-2004-1094.json index ddf03f708c6..dcc2f3a5a64 100644 --- a/2004/1xxx/CVE-2004-1094.json +++ b/2004/1xxx/CVE-2004-1094.json @@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html" - }, - { - "name" : "20041027 High Risk Vulnerability in RealPlayer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109894226007607&w=2" - }, - { - "name" : "20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/420274/100/0/threaded" - }, - { - "name" : "20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/429361/100/0/threaded" - }, - { - "name" : "20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/445369/100/0/threaded" - }, - { - "name" : "http://www.networksecurity.fi/advisories/payroll.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/payroll.html" - }, - { - "name" : "http://www.networksecurity.fi/advisories/multiledger.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/multiledger.html" - }, - { - "name" : "http://www.networksecurity.fi/advisories/dtsearch.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/dtsearch.html" - }, - { - "name" : "http://www.networksecurity.fi/advisories/mcafee-virusscan.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/mcafee-virusscan.html" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html" - }, - { - "name" : "http://www.networksecurity.fi/advisories/lotus-notes.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/lotus-notes.html" - }, - { - "name" : "http://service.real.com/help/faq/security/041026_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/041026_player/EN/" - }, - { - "name" : "VU#582498", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/582498" - }, - { - "name" : "11555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11555" - }, - { - "name" : "ADV-2005-2057", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2057" - }, - { - "name" : "ADV-2006-1176", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/1176" - }, - { - "name" : "19906", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/19906" - }, - { - "name" : "1011944", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011944" - }, - { - "name" : "1012297", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012297" - }, - { - "name" : "1016817", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1016817" - }, - { - "name" : "17096", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17096" - }, - { - "name" : "17394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17394" - }, - { - "name" : "18194", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18194" - }, - { - "name" : "19451", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19451" - }, - { - "name" : "296", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/296" - }, - { - "name" : "653", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/653" - }, - { - "name" : "realplayer-dunzip32-bo(17879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879" - }, - { - "name" : "payroll-dunzip32-bo(22737)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/420274/100/0/threaded" + }, + { + "name": "1011944", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011944" + }, + { + "name": "20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html" + }, + { + "name": "payroll-dunzip32-bo(22737)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22737" + }, + { + "name": "19906", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/19906" + }, + { + "name": "ADV-2005-2057", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2057" + }, + { + "name": "http://www.networksecurity.fi/advisories/lotus-notes.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/lotus-notes.html" + }, + { + "name": "20041027 High Risk Vulnerability in RealPlayer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109894226007607&w=2" + }, + { + "name": "http://www.networksecurity.fi/advisories/payroll.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/payroll.html" + }, + { + "name": "19451", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19451" + }, + { + "name": "http://www.networksecurity.fi/advisories/dtsearch.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/dtsearch.html" + }, + { + "name": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/mcafee-virusscan.html" + }, + { + "name": "11555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11555" + }, + { + "name": "17394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17394" + }, + { + "name": "realplayer-dunzip32-bo(17879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17879" + }, + { + "name": "20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/429361/100/0/threaded" + }, + { + "name": "http://www.networksecurity.fi/advisories/multiledger.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/multiledger.html" + }, + { + "name": "20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/445369/100/0/threaded" + }, + { + "name": "VU#582498", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/582498" + }, + { + "name": "1012297", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012297" + }, + { + "name": "ADV-2006-1176", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/1176" + }, + { + "name": "1016817", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1016817" + }, + { + "name": "18194", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18194" + }, + { + "name": "653", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/653" + }, + { + "name": "296", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/296" + }, + { + "name": "17096", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17096" + }, + { + "name": "http://service.real.com/help/faq/security/041026_player/EN/", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/041026_player/EN/" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1729.json b/2004/1xxx/CVE-2004-1729.json index b941464ab13..fdef8c196ac 100644 --- a/2004/1xxx/CVE-2004-1729.json +++ b/2004/1xxx/CVE-2004-1729.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040820 Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109305923208449&w=2" - }, - { - "name" : "10988", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10988" - }, - { - "name" : "12347", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12347" - }, - { - "name" : "nihuo-http-get-xss(17055)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10988", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10988" + }, + { + "name": "nihuo-http-get-xss(17055)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17055" + }, + { + "name": "20040820 Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109305923208449&w=2" + }, + { + "name": "12347", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12347" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2158.json b/2004/2xxx/CVE-2004-2158.json index 01e3fcf8eb4..5162bbe9ee2 100644 --- a/2004/2xxx/CVE-2004-2158.json +++ b/2004/2xxx/CVE-2004-2158.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040928 Serendipity 0.7-beta1 SQL Injection PoC", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html" - }, - { - "name" : "11269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11269" - }, - { - "name" : "10370", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10370" - }, - { - "name" : "10371", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10371" - }, - { - "name" : "1011448", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011448" - }, - { - "name" : "12673", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12673/" - }, - { - "name" : "serendipity-sql-injection(17533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11269" + }, + { + "name": "1011448", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011448" + }, + { + "name": "12673", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12673/" + }, + { + "name": "20040928 Serendipity 0.7-beta1 SQL Injection PoC", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html" + }, + { + "name": "serendipity-sql-injection(17533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17533" + }, + { + "name": "10371", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10371" + }, + { + "name": "10370", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10370" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2220.json b/2004/2xxx/CVE-2004-2220.json index f47b53c82de..97d1552ba7a 100644 --- a/2004/2xxx/CVE-2004-2220.json +++ b/2004/2xxx/CVE-2004-2220.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02_readme.txt", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02_readme.txt" - }, - { - "name" : "11600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11600" - }, - { - "name" : "11395", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11395" - }, - { - "name" : "1012057", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012057" - }, - { - "name" : "13067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13067" - }, - { - "name" : "fsecure-password-antivirus-bypass(17944)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012057", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012057" + }, + { + "name": "13067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13067" + }, + { + "name": "11600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11600" + }, + { + "name": "ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02_readme.txt", + "refsource": "CONFIRM", + "url": "ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse63x-02_readme.txt" + }, + { + "name": "11395", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11395" + }, + { + "name": "fsecure-password-antivirus-bypass(17944)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17944" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2614.json b/2004/2xxx/CVE-2004-2614.json index 32fd8599d50..27eea2a5cd9 100644 --- a/2004/2xxx/CVE-2004-2614.json +++ b/2004/2xxx/CVE-2004-2614.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://security-protocols.com/modules.php?name=News&file=article&sid=1931", - "refsource" : "MISC", - "url" : "http://security-protocols.com/modules.php?name=News&file=article&sid=1931" - }, - { - "name" : "http://fux0r.phathookups.com/advisory/sp-x11-advisory.txt", - "refsource" : "MISC", - "url" : "http://fux0r.phathookups.com/advisory/sp-x11-advisory.txt" - }, - { - "name" : "10303", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10303" - }, - { - "name" : "5983", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5983" - }, - { - "name" : "11566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11566" - }, - { - "name" : "myweb-long-get-bo(16101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "myweb-long-get-bo(16101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16101" + }, + { + "name": "11566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11566" + }, + { + "name": "http://fux0r.phathookups.com/advisory/sp-x11-advisory.txt", + "refsource": "MISC", + "url": "http://fux0r.phathookups.com/advisory/sp-x11-advisory.txt" + }, + { + "name": "5983", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5983" + }, + { + "name": "10303", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10303" + }, + { + "name": "http://security-protocols.com/modules.php?name=News&file=article&sid=1931", + "refsource": "MISC", + "url": "http://security-protocols.com/modules.php?name=News&file=article&sid=1931" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2281.json b/2008/2xxx/CVE-2008-2281.json index 7221f970f97..a4829a8033f 100644 --- a/2008/2xxx/CVE-2008-2281.json +++ b/2008/2xxx/CVE-2008-2281.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5619", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5619" - }, - { - "name" : "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx", - "refsource" : "MISC", - "url" : "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" - }, - { - "name" : "29217", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29217" - }, - { - "name" : "ADV-2008-1529", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1529/references" - }, - { - "name" : "30141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30141" - }, - { - "name" : "ie-printtableoflinks-code-execution(42416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5619", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5619" + }, + { + "name": "ie-printtableoflinks-code-execution(42416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42416" + }, + { + "name": "ADV-2008-1529", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1529/references" + }, + { + "name": "30141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30141" + }, + { + "name": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx", + "refsource": "MISC", + "url": "http://aviv.raffon.net/2008/05/14/InternetExplorerQuotPrintTableOfLinksquotCrossZoneScriptingVulnerability.aspx" + }, + { + "name": "29217", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29217" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2371.json b/2008/2xxx/CVE-2008-2371.json index a529855011d..f4d0f608769 100644 --- a/2008/2xxx/CVE-2008-2371.json +++ b/2008/2xxx/CVE-2008-2371.json @@ -1,292 +1,292 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 rPSA-2008-0305-1 pcre", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497828/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=228091", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=228091" - }, - { - "name" : "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes", - "refsource" : "CONFIRM", - "url" : "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes" - }, - { - "name" : "http://support.apple.com/kb/HT3216", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3216" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2008-10-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "DSA-1602", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1602" - }, - { - "name" : "FEDORA-2008-6025", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html" - }, - { - "name" : "FEDORA-2008-6048", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html" - }, - { - "name" : "GLSA-200807-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml" - }, - { - "name" : "GLSA-200811-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml" - }, - { - "name" : "HPSBUX02431", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2" - }, - { - "name" : "SSRT090085", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2" - }, - { - "name" : "HPSBUX02465", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "SSRT090192", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "MDVSA-2008:147", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147" - }, - { - "name" : "MDVSA-2009:023", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "USN-624-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-624-1" - }, - { - "name" : "USN-628-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-628-1" - }, - { - "name" : "USN-624-2", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-624-2" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "30087", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30087" - }, - { - "name" : "31681", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31681" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35650" - }, - { - "name" : "39300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/39300" - }, - { - "name" : "32746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32746" - }, - { - "name" : "ADV-2008-2005", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2005" - }, - { - "name" : "ADV-2008-2006", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2006" - }, - { - "name" : "ADV-2008-2780", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2780" - }, - { - "name" : "30916", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30916" - }, - { - "name" : "30944", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30944" - }, - { - "name" : "30958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30958" - }, - { - "name" : "30961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30961" - }, - { - "name" : "30945", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30945" - }, - { - "name" : "30972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30972" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "30990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30990" - }, - { - "name" : "31200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31200" - }, - { - "name" : "32222", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32222" - }, - { - "name" : "32454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32454" - }, - { - "name" : "ADV-2008-2336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2336" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ADV-2010-0833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2005", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2005" + }, + { + "name": "MDVSA-2008:147", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:147" + }, + { + "name": "32746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32746" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=228091", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=228091" + }, + { + "name": "HPSBUX02465", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "ADV-2008-2006", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2006" + }, + { + "name": "GLSA-200811-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml" + }, + { + "name": "SSRT090085", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2" + }, + { + "name": "31681", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31681" + }, + { + "name": "30972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30972" + }, + { + "name": "USN-624-2", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-624-2" + }, + { + "name": "32454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32454" + }, + { + "name": "30944", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30944" + }, + { + "name": "30958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30958" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "USN-628-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-628-1" + }, + { + "name": "39300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/39300" + }, + { + "name": "FEDORA-2008-6025", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00105.html" + }, + { + "name": "SSRT090192", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes", + "refsource": "CONFIRM", + "url": "http://ftp.gnome.org/pub/GNOME/sources/glib/2.16/glib-2.16.4.changes" + }, + { + "name": "USN-624-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-624-1" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "ADV-2010-0833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0833" + }, + { + "name": "FEDORA-2008-6048", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00123.html" + }, + { + "name": "MDVSA-2009:023", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" + }, + { + "name": "31200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31200" + }, + { + "name": "30916", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30916" + }, + { + "name": "32222", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32222" + }, + { + "name": "30961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30961" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "30087", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30087" + }, + { + "name": "30990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30990" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0305" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "DSA-1602", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1602" + }, + { + "name": "HPSBUX02431", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2" + }, + { + "name": "ADV-2008-2336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2336" + }, + { + "name": "ADV-2008-2780", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2780" + }, + { + "name": "30945", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30945" + }, + { + "name": "GLSA-200807-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-03.xml" + }, + { + "name": "APPLE-SA-2008-10-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT3216", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3216" + }, + { + "name": "20081027 rPSA-2008-0305-1 pcre", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497828/100/0/threaded" + }, + { + "name": "35650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35650" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2954.json b/2008/2xxx/CVE-2008-2954.json index 2e202a2b443..5a41c9f19c2 100644 --- a/2008/2xxx/CVE-2008-2954.json +++ b/2008/2xxx/CVE-2008-2954.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt" - }, - { - "name" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date", - "refsource" : "CONFIRM", - "url" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date" - }, - { - "name" : "http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027", - "refsource" : "CONFIRM", - "url" : "http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027" - }, - { - "name" : "FEDORA-2008-6018", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html" - }, - { - "name" : "FEDORA-2008-6038", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html" - }, - { - "name" : "30037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30037" - }, - { - "name" : "1020409", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020409" - }, - { - "name" : "1020410", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020410" - }, - { - "name" : "30907", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30907" - }, - { - "name" : "30918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30918" - }, - { - "name" : "dc-pm-dos(43566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dc-pm-dos(43566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43566" + }, + { + "name": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date", + "refsource": "CONFIRM", + "url": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date" + }, + { + "name": "FEDORA-2008-6038", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html" + }, + { + "name": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt", + "refsource": "CONFIRM", + "url": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt" + }, + { + "name": "http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027", + "refsource": "CONFIRM", + "url": "http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027" + }, + { + "name": "1020410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020410" + }, + { + "name": "30037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30037" + }, + { + "name": "30907", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30907" + }, + { + "name": "30918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30918" + }, + { + "name": "FEDORA-2008-6018", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html" + }, + { + "name": "1020409", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020409" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2963.json b/2008/2xxx/CVE-2008-2963.json index 8eea3724a18..9bb4eb15b9d 100644 --- a/2008/2xxx/CVE-2008-2963.json +++ b/2008/2xxx/CVE-2008-2963.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5913", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5913" - }, - { - "name" : "29900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29900" - }, - { - "name" : "myblog-view-id-sql-injection(43292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29900" + }, + { + "name": "5913", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5913" + }, + { + "name": "myblog-view-id-sql-injection(43292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43292" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6112.json b/2008/6xxx/CVE-2008-6112.json index ddb868da015..1b082054086 100644 --- a/2008/6xxx/CVE-2008-6112.json +++ b/2008/6xxx/CVE-2008-6112.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7190", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7190" - }, - { - "name" : "32431", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32431" - }, - { - "name" : "32767", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32767" - }, - { - "name" : "ADV-2008-3244", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3244" - }, - { - "name" : "ezringtone-main-file-include(46791)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46791" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php in ringtones/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32431", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32431" + }, + { + "name": "ADV-2008-3244", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3244" + }, + { + "name": "ezringtone-main-file-include(46791)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46791" + }, + { + "name": "32767", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32767" + }, + { + "name": "7190", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7190" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6286.json b/2008/6xxx/CVE-2008-6286.json index f1e2cfa8d1c..cefa6c2b0cc 100644 --- a/2008/6xxx/CVE-2008-6286.json +++ b/2008/6xxx/CVE-2008-6286.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7280", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7280" - }, - { - "name" : "32908", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32908" - }, - { - "name" : "activenewsletter-subscriber-sql-injection(46916)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46916" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32908", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32908" + }, + { + "name": "7280", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7280" + }, + { + "name": "activenewsletter-subscriber-sql-injection(46916)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46916" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6326.json b/2008/6xxx/CVE-2008-6326.json index 2b93e8e0214..441630e2bf1 100644 --- a/2008/6xxx/CVE-2008-6326.json +++ b/2008/6xxx/CVE-2008-6326.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "49916", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/49916" - }, - { - "name" : "32727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32727" - }, - { - "name" : "simplecustomer-login-sql-injection(46675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32727" + }, + { + "name": "simplecustomer-login-sql-injection(46675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46675" + }, + { + "name": "49916", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/49916" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6922.json b/2008/6xxx/CVE-2008-6922.json index f22b062faa2..97ee784fe23 100644 --- a/2008/6xxx/CVE-2008-6922.json +++ b/2008/6xxx/CVE-2008-6922.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6012", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6012" - }, - { - "name" : "30098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30098" - }, - { - "name" : "46750", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46750" - }, - { - "name" : "30940", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30940" - }, - { - "name" : "cmailserver-movetofolder-bo(43594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6012", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6012" + }, + { + "name": "46750", + "refsource": "OSVDB", + "url": "http://osvdb.org/46750" + }, + { + "name": "cmailserver-movetofolder-bo(43594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43594" + }, + { + "name": "30098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30098" + }, + { + "name": "30940", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30940" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1928.json b/2012/1xxx/CVE-2012-1928.json index 648e51e9c84..e733dfcb6c2 100644 --- a/2012/1xxx/CVE-2012-1928.json +++ b/2012/1xxx/CVE-2012-1928.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/mac/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/mac/1162/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/unix/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unix/1162/" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/1162/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/1162/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1014/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1014/" - }, - { - "name" : "openSUSE-SU-2012:0610", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" - }, - { - "name" : "80624", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80624" - }, - { - "name" : "48535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48535" - }, - { - "name" : "opera-redirects-spoofing(74353)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/1014/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1014/" + }, + { + "name": "opera-redirects-spoofing(74353)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74353" + }, + { + "name": "http://www.opera.com/docs/changelogs/mac/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/mac/1162/" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/1162/" + }, + { + "name": "openSUSE-SU-2012:0610", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00012.html" + }, + { + "name": "http://www.opera.com/docs/changelogs/unix/1162/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unix/1162/" + }, + { + "name": "48535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48535" + }, + { + "name": "80624", + "refsource": "OSVDB", + "url": "http://osvdb.org/80624" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5091.json b/2012/5xxx/CVE-2012-5091.json index 24e2e4ae303..8b3381a265b 100644 --- a/2012/5xxx/CVE-2012-5091.json +++ b/2012/5xxx/CVE-2012-5091.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "86380", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86380" - }, - { - "name" : "50999", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86380", + "refsource": "OSVDB", + "url": "http://osvdb.org/86380" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "50999", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50999" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5122.json b/2012/5xxx/CVE-2012-5122.json index 279d736d5ca..ae218e39981 100644 --- a/2012/5xxx/CVE-2012-5122.json +++ b/2012/5xxx/CVE-2012-5122.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=154465", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=154465" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87071", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87071" - }, - { - "name" : "oval:org.mitre.oval:def:15695", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15695" - }, - { - "name" : "chrome-cve20125122-code-exec(79869)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79869" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=154465", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=154465" + }, + { + "name": "87071", + "refsource": "OSVDB", + "url": "http://osvdb.org/87071" + }, + { + "name": "chrome-cve20125122-code-exec(79869)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79869" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + }, + { + "name": "oval:org.mitre.oval:def:15695", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15695" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5235.json b/2012/5xxx/CVE-2012-5235.json index 86f6bd7ff89..56239a82690 100644 --- a/2012/5xxx/CVE-2012-5235.json +++ b/2012/5xxx/CVE-2012-5235.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5235", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5235", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5384.json b/2012/5xxx/CVE-2012-5384.json index edc0eda255a..668ecf4b12e 100644 --- a/2012/5xxx/CVE-2012-5384.json +++ b/2012/5xxx/CVE-2012-5384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/README.txt/download" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5579.json b/2012/5xxx/CVE-2012-5579.json index 32b37946d76..f622c3c9525 100644 --- a/2012/5xxx/CVE-2012-5579.json +++ b/2012/5xxx/CVE-2012-5579.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5579", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason: This candidate is a duplicate of CVE-2012-5611. Notes: All CVE users should reference CVE-2012-5611 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5579", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5611. Reason: This candidate is a duplicate of CVE-2012-5611. Notes: All CVE users should reference CVE-2012-5611 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5601.json b/2012/5xxx/CVE-2012-5601.json index c0547032bd2..31cf618b7c0 100644 --- a/2012/5xxx/CVE-2012-5601.json +++ b/2012/5xxx/CVE-2012-5601.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5601", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5601", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6055. Reason: This candidate is a reservation duplicate of CVE-2012-6055. Notes: All CVE users should reference CVE-2012-6055 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11026.json b/2017/11xxx/CVE-2017-11026.json index a39c51e3dc9..077277178a8 100644 --- a/2017/11xxx/CVE-2017-11026.json +++ b/2017/11xxx/CVE-2017-11026.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authorization in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing FRP partition using reference FRP unlock, authentication method can be compromised for static keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authorization in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11234.json b/2017/11xxx/CVE-2017-11234.json index 6633bd2ce78..cad9502d495 100644 --- a/2017/11xxx/CVE-2017-11234.json +++ b/2017/11xxx/CVE-2017-11234.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100179" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100179" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11502.json b/2017/11xxx/CVE-2017-11502.json index 31893ba02ea..1d6e96d13aa 100644 --- a/2017/11xxx/CVE-2017-11502.json +++ b/2017/11xxx/CVE-2017-11502.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11502", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with \"GET /../\" on TCP port 4321." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11502", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/2911#more-2911", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/2911#more-2911" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with \"GET /../\" on TCP port 4321." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.securiteam.com/index.php/archives/2911#more-2911", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/2911#more-2911" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11645.json b/2017/11xxx/CVE-2017-11645.json index f5304299436..8ed04d31bd6 100644 --- a/2017/11xxx/CVE-2017-11645.json +++ b/2017/11xxx/CVE-2017-11645.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/07/access-violation-vulnerability-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11671.json b/2017/11xxx/CVE-2017-11671.json index 528dde7cbef..10f1e42d201 100644 --- a/2017/11xxx/CVE-2017-11671.json +++ b/2017/11xxx/CVE-2017-11671.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/07/27/2", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/07/27/2" - }, - { - "name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", - "refsource" : "CONFIRM", - "url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180" - }, - { - "name" : "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", - "refsource" : "CONFIRM", - "url" : "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html" - }, - { - "name" : "RHSA-2018:0849", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0849" - }, - { - "name" : "100018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/07/27/2", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/07/27/2" + }, + { + "name": "100018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100018" + }, + { + "name": "RHSA-2018:0849", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0849" + }, + { + "name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180", + "refsource": "CONFIRM", + "url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180" + }, + { + "name": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html", + "refsource": "CONFIRM", + "url": "https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11989.json b/2017/11xxx/CVE-2017-11989.json index 80442ed1788..6f3beb18018 100644 --- a/2017/11xxx/CVE-2017-11989.json +++ b/2017/11xxx/CVE-2017-11989.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11989", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11989", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15412.json b/2017/15xxx/CVE-2017-15412.json index f06492ebfca..d4ba598348a 100644 --- a/2017/15xxx/CVE-2017-15412.json +++ b/2017/15xxx/CVE-2017-15412.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2017-15412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Google Chrome prior to 63.0.3239.84 unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Google Chrome prior to 63.0.3239.84 unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2017-15412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Google Chrome prior to 63.0.3239.84 unknown", + "version": { + "version_data": [ + { + "version_value": "Google Chrome prior to 63.0.3239.84 unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171218 [SECURITY] [DLA 1211-1] libxml2 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=783160", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=783160" - }, - { - "name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", - "refsource" : "MISC", - "url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" - }, - { - "name" : "https://crbug.com/727039", - "refsource" : "MISC", - "url" : "https://crbug.com/727039" - }, - { - "name" : "DSA-4086", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4086" - }, - { - "name" : "GLSA-201801-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-03" - }, - { - "name" : "RHSA-2017:3401", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3401" - }, - { - "name" : "RHSA-2018:0287", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0287" - }, - { - "name" : "1040348", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040348", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040348" + }, + { + "name": "https://crbug.com/727039", + "refsource": "MISC", + "url": "https://crbug.com/727039" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=783160", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160" + }, + { + "name": "DSA-4086", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4086" + }, + { + "name": "RHSA-2018:0287", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0287" + }, + { + "name": "[debian-lts-announce] 20171218 [SECURITY] [DLA 1211-1] libxml2 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html" + }, + { + "name": "RHSA-2017:3401", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3401" + }, + { + "name": "GLSA-201801-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-03" + }, + { + "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15434.json b/2017/15xxx/CVE-2017-15434.json index 3de87d9cc99..357e67a8c87 100644 --- a/2017/15xxx/CVE-2017-15434.json +++ b/2017/15xxx/CVE-2017-15434.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15434", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15434", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3095.json b/2017/3xxx/CVE-2017-3095.json index 22688d8f41c..190f081b580 100644 --- a/2017/3xxx/CVE-2017-3095.json +++ b/2017/3xxx/CVE-2017-3095.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.4 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.4 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.4 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.4 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" - }, - { - "name" : "99021", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99021" - }, - { - "name" : "1038658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF parsing engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99021", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99021" + }, + { + "name": "1038658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038658" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3201.json b/2017/3xxx/CVE-2017-3201.json index 95f224d5211..0f4f6fd9f4e 100644 --- a/2017/3xxx/CVE-2017-3201.json +++ b/2017/3xxx/CVE-2017-3201.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3201", - "STATE" : "PUBLIC", - "TITLE" : "Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Flamingo amf-serializer", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "2.2.0", - "version_value" : "2.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Exadel" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-502: Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3201", + "STATE": "PUBLIC", + "TITLE": "Flamingo amf-serializer by Exadel, version 2.2.0, Action Message Format (AMF3) Java implementation is vulnerable to insecure deserialization" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Flamingo amf-serializer", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "2.2.0", + "version_value": "2.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Exadel" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", - "refsource" : "MISC", - "url" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" - }, - { - "name" : "https://codewhitesec.blogspot.com/2017/04/amf.html", - "refsource" : "MISC", - "url" : "https://codewhitesec.blogspot.com/2017/04/amf.html" - }, - { - "name" : "VU#307983", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/307983" - }, - { - "name" : "97380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97380" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java implementation of AMF3 deserializers used in Flamingo amf-serializer by Exadel, version 2.2.0 derives class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may be able to send serialized Java objects that execute arbitrary code when deserialized." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codewhitesec.blogspot.com/2017/04/amf.html", + "refsource": "MISC", + "url": "https://codewhitesec.blogspot.com/2017/04/amf.html" + }, + { + "name": "VU#307983", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/307983" + }, + { + "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", + "refsource": "MISC", + "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" + }, + { + "name": "97380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97380" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3753.json b/2017/3xxx/CVE-2017-3753.json index f46260fd9bd..ccd12f0fc0b 100644 --- a/2017/3xxx/CVE-2017-3753.json +++ b/2017/3xxx/CVE-2017-3753.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-07-27T00:00:00", - "ID" : "CVE-2017-3753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Desktop and Notebook BIOS", - "version" : { - "version_data" : [ - { - "version_value" : "various" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execution of code in System Management Mode by an attacker with local administrative access" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-07-27T00:00:00", + "ID": "CVE-2017-3753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Desktop and Notebook BIOS", + "version": { + "version_data": [ + { + "version_value": "various" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-14695", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-14695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of code in System Management Mode by an attacker with local administrative access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-14695", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-14695" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3764.json b/2017/3xxx/CVE-2017-3764.json index f7348a43e0a..f95db9b418d 100644 --- a/2017/3xxx/CVE-2017-3764.json +++ b/2017/3xxx/CVE-2017-3764.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2017-11-30T00:00:00", - "ID" : "CVE-2017-3764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "xClarity Administrator", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than 1.4.0" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthenticated User Enumeration" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2017-11-30T00:00:00", + "ID": "CVE-2017-3764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "xClarity Administrator", + "version": { + "version_data": [ + { + "version_value": "Earlier than 1.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/product_security/LEN-16335", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/product_security/LEN-16335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was identified in Lenovo XClarity Administrator (LXCA) before 1.4.0 where LXCA user account names may be exposed to unauthenticated users with access to the LXCA web user interface. No password information of the user accounts is exposed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated User Enumeration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/product_security/LEN-16335", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/product_security/LEN-16335" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3947.json b/2017/3xxx/CVE-2017-3947.json index 24f237e52df..ec90d9a5fcb 100644 --- a/2017/3xxx/CVE-2017-3947.json +++ b/2017/3xxx/CVE-2017-3947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3947", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3947", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8071.json b/2017/8xxx/CVE-2017-8071.json index 84abcfea6c7..58a571fb620 100644 --- a/2017/8xxx/CVE-2017-8071.json +++ b/2017/8xxx/CVE-2017-8071.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/04/16/4" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654" - }, - { - "name" : "https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654" - }, - { - "name" : "97991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a7b5df84b6b4e5d599c7289526eed96541a0654" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.9" + }, + { + "name": "[oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/04/16/4" + }, + { + "name": "97991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97991" + }, + { + "name": "https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/7a7b5df84b6b4e5d599c7289526eed96541a0654" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8157.json b/2017/8xxx/CVE-2017-8157.json index ef39f7c2981..dd8dbc71b8b 100644 --- a/2017/8xxx/CVE-2017-8157.json +++ b/2017/8xxx/CVE-2017-8157.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "OceanStor 5800 V3, OceanStor 6900 V3", - "version" : { - "version_data" : [ - { - "version_value" : "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OceanStor 5800 V3, OceanStor 6900 V3", + "version": { + "version_data": [ + { + "version_value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-oceanstor-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8201.json b/2017/8xxx/CVE-2017-8201.json index 9c8f7be49db..5e05bd97971 100644 --- a/2017/8xxx/CVE-2017-8201.json +++ b/2017/8xxx/CVE-2017-8201.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MAX PRESENCE,TP3106,TP3206,", - "version" : { - "version_data" : [ - { - "version_value" : "V100R001C00,V100R002C00,V100R002C00," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "a memory leak" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MAX PRESENCE,TP3106,TP3206,", + "version": { + "version_data": [ + { + "version_value": "V100R001C00,V100R002C00,V100R002C00," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en" - }, - { - "name" : "101952", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an a memory leak vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit could cause a memory leak and eventual denial of service (DoS) condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "a memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en" + }, + { + "name": "101952", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101952" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8235.json b/2017/8xxx/CVE-2017-8235.json index c0f09d164f8..4078f75c935 100644 --- a/2017/8xxx/CVE-2017-8235.json +++ b/2017/8xxx/CVE-2017-8235.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free Vulnerability in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Vulnerability in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8443.json b/2017/8xxx/CVE-2017-8443.json index 7f3e7145f62..b540f8a7de2 100644 --- a/2017/8xxx/CVE-2017-8443.json +++ b/2017/8xxx/CVE-2017-8443.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana X-Pack Security", - "version" : { - "version_data" : [ - { - "version_value" : "before 5.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-598: Information Exposure Through Query Strings in GET Request" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana X-Pack Security", + "version": { + "version_data": [ + { + "version_value": "before 5.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-598: Information Exposure Through Query Strings in GET Request" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10784.json b/2018/10xxx/CVE-2018-10784.json index d9dfaddd279..d7c2d8df670 100644 --- a/2018/10xxx/CVE-2018-10784.json +++ b/2018/10xxx/CVE-2018-10784.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10784", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10784", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10891.json b/2018/10xxx/CVE-2018-10891.json index 4baed670880..c1cfdd7c896 100644 --- a/2018/10xxx/CVE-2018-10891.json +++ b/2018/10xxx/CVE-2018-10891.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "moodle", - "version" : { - "version_data" : [ - { - "version_value" : "moodle 3.5.1" - }, - { - "version_value" : "moodle 3.4.4" - }, - { - "version_value" : "moodle 3.3.7" - }, - { - "version_value" : "moodle 3.1.13" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "moodle", + "version": { + "version_data": [ + { + "version_value": "moodle 3.5.1" + }, + { + "version_value": "moodle 3.4.4" + }, + { + "version_value": "moodle 3.3.7" + }, + { + "version_value": "moodle 3.1.13" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=373371", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=373371" - }, - { - "name" : "104739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://moodle.org/mod/forum/discuss.php?d=373371", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=373371" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891" + }, + { + "name": "104739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104739" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10900.json b/2018/10xxx/CVE-2018-10900.json index 5622286dce0..f0237fb4e4c 100644 --- a/2018/10xxx/CVE-2018-10900.json +++ b/2018/10xxx/CVE-2018-10900.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "networkmanager-vpnc", - "version" : { - "version_data" : [ - { - "version_value" : "NetworkManager-vpnc 1.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "networkmanager-vpnc", + "version": { + "version_data": [ + { + "version_value": "NetworkManager-vpnc 1.2.6" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45313", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45313/" - }, - { - "name" : "[debian-lts-announce] 20180731 [SECURITY] [DLA 1454-1] network-manager-vpnc security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html" - }, - { - "name" : "https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc", - "refsource" : "MISC", - "url" : "https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1101147", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1101147" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900" - }, - { - "name" : "https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news", - "refsource" : "CONFIRM", - "url" : "https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4", - "refsource" : "CONFIRM", - "url" : "https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4" - }, - { - "name" : "DSA-4253", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4253" - }, - { - "name" : "GLSA-201808-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-03" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4253", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4253" + }, + { + "name": "https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc", + "refsource": "MISC", + "url": "https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc" + }, + { + "name": "https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4", + "refsource": "CONFIRM", + "url": "https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4" + }, + { + "name": "GLSA-201808-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-03" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1101147", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1101147" + }, + { + "name": "[debian-lts-announce] 20180731 [SECURITY] [DLA 1454-1] network-manager-vpnc security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html" + }, + { + "name": "https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news", + "refsource": "CONFIRM", + "url": "https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news" + }, + { + "name": "45313", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45313/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12082.json b/2018/12xxx/CVE-2018-12082.json index b851a7ae22a..c893bfeba66 100644 --- a/2018/12xxx/CVE-2018-12082.json +++ b/2018/12xxx/CVE-2018-12082.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12082", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12082", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://peckshield.com/2018/06/11/tradeTrap/", - "refsource" : "MISC", - "url" : "https://peckshield.com/2018/06/11/tradeTrap/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Fujinto (NTO), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://peckshield.com/2018/06/11/tradeTrap/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/06/11/tradeTrap/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12254.json b/2018/12xxx/CVE-2018-12254.json index 3c32f9cd884..d6c726234ab 100644 --- a/2018/12xxx/CVE-2018-12254.json +++ b/2018/12xxx/CVE-2018-12254.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44893", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44893/" - }, - { - "name" : "https://m4k4br0.github.io/sql-injection-joomla-component/", - "refsource" : "MISC", - "url" : "https://m4k4br0.github.io/sql-injection-joomla-component/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44893", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44893/" + }, + { + "name": "https://m4k4br0.github.io/sql-injection-joomla-component/", + "refsource": "MISC", + "url": "https://m4k4br0.github.io/sql-injection-joomla-component/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12398.json b/2018/12xxx/CVE-2018-12398.json index b0e446fdc31..86489ef24bb 100644 --- a/2018/12xxx/CVE-2018-12398.json +++ b/2018/12xxx/CVE-2018-12398.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CSP bypass through stylesheet injection in resource URIs" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1460538", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1460538" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1488061", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1488061" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "105721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105721" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSP bypass through stylesheet injection in resource URIs" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1460538", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1460538" + }, + { + "name": "105721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105721" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1488061", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1488061" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12415.json b/2018/12xxx/CVE-2018-12415.json index 7a70efba34b..95bf30feb7f 100644 --- a/2018/12xxx/CVE-2018-12415.json +++ b/2018/12xxx/CVE-2018-12415.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@tibco.com", - "ID" : "CVE-2018-12415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "ID": "CVE-2018-12415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.tibco.com/services/support/advisories", - "refsource" : "MISC", - "url" : "http://www.tibco.com/services/support/advisories" - }, - { - "name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service", - "refsource" : "CONFIRM", - "url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service" - }, - { - "name" : "105850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Messaging Service, TIBCO Enterprise Messaging Service - Community Edition, and TIBCO Enterprise Messaging Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Messaging Service: versions up to and including 8.4.0, TIBCO Enterprise Messaging Service - Community Edition: versions up to and including 8.4.0, and TIBCO Enterprise Messaging Service - Developer Edition versions up to and including 8.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories" + }, + { + "name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service" + }, + { + "name": "105850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105850" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12836.json b/2018/12xxx/CVE-2018-12836.json index 4037fa539d8..7c04209116b 100644 --- a/2018/12xxx/CVE-2018-12836.json +++ b/2018/12xxx/CVE-2018-12836.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105436" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105436" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12959.json b/2018/12xxx/CVE-2018-12959.json index 231c600e495..8a9221a8846 100644 --- a/2018/12xxx/CVE-2018-12959.json +++ b/2018/12xxx/CVE-2018-12959.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a", - "refsource" : "MISC", - "url" : "https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The approveAndCall function of a smart contract implementation for Aditus (ADI), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all contract balances into their account)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a", + "refsource": "MISC", + "url": "https://github.com/rootclay/Audit-of-smart-contracts/tree/master/0x8810C63470d38639954c6B41AaC545848C46484a" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13448.json b/2018/13xxx/CVE-2018-13448.json index 8771dd2146a..d893db66d2f 100644 --- a/2018/13xxx/CVE-2018-13448.json +++ b/2018/13xxx/CVE-2018-13448.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb", - "refsource" : "MISC", - "url" : "https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the country_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb", + "refsource": "MISC", + "url": "https://github.com/Dolibarr/dolibarr/commit/36402c22eef49d60edd73a2f312f8e28fe0bd1cb" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13878.json b/2018/13xxx/CVE-2018-13878.json index 523ba5ba43e..a0bed73f601 100644 --- a/2018/13xxx/CVE-2018-13878.json +++ b/2018/13xxx/CVE-2018-13878.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/RocketChat/Rocket.Chat/pull/10793", - "refsource" : "CONFIRM", - "url" : "https://github.com/RocketChat/Rocket.Chat/pull/10793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) in a channel or private chat. Consequently, it is possible to exfiltrate the secret token of every user and also admins in the channel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/RocketChat/Rocket.Chat/pull/10793", + "refsource": "CONFIRM", + "url": "https://github.com/RocketChat/Rocket.Chat/pull/10793" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16500.json b/2018/16xxx/CVE-2018-16500.json index 508d2fc60d9..827971991ab 100644 --- a/2018/16xxx/CVE-2018-16500.json +++ b/2018/16xxx/CVE-2018-16500.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16500", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16500", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16531.json b/2018/16xxx/CVE-2018-16531.json index 18a5ecb59de..60eade3afdf 100644 --- a/2018/16xxx/CVE-2018-16531.json +++ b/2018/16xxx/CVE-2018-16531.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16531", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16531", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16838.json b/2018/16xxx/CVE-2018-16838.json index 637cf49a558..dc055280cce 100644 --- a/2018/16xxx/CVE-2018-16838.json +++ b/2018/16xxx/CVE-2018-16838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17422.json b/2018/17xxx/CVE-2018-17422.json index 5d6344d1e24..ee4c2eec1d3 100644 --- a/2018/17xxx/CVE-2018-17422.json +++ b/2018/17xxx/CVE-2018-17422.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dotCMS/core/issues/15286", - "refsource" : "MISC", - "url" : "https://github.com/dotCMS/core/issues/15286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dotCMS/core/issues/15286", + "refsource": "MISC", + "url": "https://github.com/dotCMS/core/issues/15286" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17451.json b/2018/17xxx/CVE-2018-17451.json index 54672b73aa1..c338f8e8811 100644 --- a/2018/17xxx/CVE-2018-17451.json +++ b/2018/17xxx/CVE-2018-17451.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17451", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17451", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17952.json b/2018/17xxx/CVE-2018-17952.json index 5b6305553d3..e44162336c3 100644 --- a/2018/17xxx/CVE-2018-17952.json +++ b/2018/17xxx/CVE-2018-17952.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2018-17952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NetIQ eDirectory 9.1 SP2", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 9.1 SP2" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2018-17952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetIQ eDirectory 9.1 SP2", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 9.1 SP2" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html", - "refsource" : "MISC", - "url" : "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross site scripting vulnerability in eDirectory prior to 9.1 SP2" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html", + "refsource": "MISC", + "url": "https://www.netiq.com/documentation/edirectory-91/edirectory912_releasenotes/data/edirectory912_releasenotes.html" + } + ] + } +} \ No newline at end of file