From 93ab9acf2c7b60c9d254b7849bd3ecbf4cba99e8 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 04:41:49 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2003/0xxx/CVE-2003-0278.json | 140 ++++-----
2003/1xxx/CVE-2003-1142.json | 140 ++++-----
2003/1xxx/CVE-2003-1377.json | 140 ++++-----
2003/1xxx/CVE-2003-1468.json | 140 ++++-----
2004/0xxx/CVE-2004-0030.json | 170 +++++------
2004/0xxx/CVE-2004-0191.json | 210 ++++++-------
2004/0xxx/CVE-2004-0597.json | 530 ++++++++++++++++-----------------
2004/1xxx/CVE-2004-1695.json | 160 +++++-----
2004/2xxx/CVE-2004-2124.json | 180 +++++------
2004/2xxx/CVE-2004-2270.json | 170 +++++------
2004/2xxx/CVE-2004-2696.json | 170 +++++------
2008/2xxx/CVE-2008-2755.json | 150 +++++-----
2008/2xxx/CVE-2008-2917.json | 190 ++++++------
2008/6xxx/CVE-2008-6448.json | 160 +++++-----
2008/6xxx/CVE-2008-6842.json | 150 +++++-----
2008/6xxx/CVE-2008-6870.json | 130 ++++----
2012/1xxx/CVE-2012-1065.json | 150 +++++-----
2012/5xxx/CVE-2012-5469.json | 130 ++++----
2012/5xxx/CVE-2012-5593.json | 34 +--
2012/5xxx/CVE-2012-5770.json | 140 ++++-----
2012/5xxx/CVE-2012-5816.json | 130 ++++----
2017/11xxx/CVE-2017-11133.json | 120 ++++----
2017/11xxx/CVE-2017-11320.json | 130 ++++----
2017/11xxx/CVE-2017-11473.json | 160 +++++-----
2017/11xxx/CVE-2017-11898.json | 34 +--
2017/11xxx/CVE-2017-11917.json | 34 +--
2017/3xxx/CVE-2017-3162.json | 130 ++++----
2017/3xxx/CVE-2017-3208.json | 150 +++++-----
2017/3xxx/CVE-2017-3298.json | 146 ++++-----
2017/3xxx/CVE-2017-3450.json | 170 +++++------
2017/7xxx/CVE-2017-7339.json | 120 ++++----
2017/7xxx/CVE-2017-7709.json | 34 +--
2017/8xxx/CVE-2017-8004.json | 140 ++++-----
2017/8xxx/CVE-2017-8621.json | 142 ++++-----
2017/8xxx/CVE-2017-8937.json | 120 ++++----
2018/10xxx/CVE-2018-10307.json | 130 ++++----
2018/10xxx/CVE-2018-10881.json | 280 ++++++++---------
2018/12xxx/CVE-2018-12244.json | 34 +--
2018/12xxx/CVE-2018-12253.json | 34 +--
2018/12xxx/CVE-2018-12840.json | 140 ++++-----
2018/13xxx/CVE-2018-13490.json | 130 ++++----
2018/13xxx/CVE-2018-13767.json |
130 ++++----
2018/16xxx/CVE-2018-16321.json | 34 +--
2018/17xxx/CVE-2018-17235.json | 120 ++++----
2018/17xxx/CVE-2018-17337.json | 120 ++++----
2018/17xxx/CVE-2018-17691.json | 130 ++++----
2018/17xxx/CVE-2018-17904.json | 130 ++++----
47 files changed, 3278 insertions(+), 3278 deletions(-)
diff --git a/2003/0xxx/CVE-2003-0278.json b/2003/0xxx/CVE-2003-0278.json
index 590e50534ae..ec9b8059be0 100644
--- a/2003/0xxx/CVE-2003-0278.json
+++ b/2003/0xxx/CVE-2003-0278.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030512 One more flaw in Happymall", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2" - }, - { - "name" : "7557", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7557" - }, - { - "name" : "happymall-normalhtml-xss(11988)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7557", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7557" + }, + { + "name": "happymall-normalhtml-xss(11988)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11988" + }, + { + "name": "20030512 One more flaw in Happymall", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105276130814262&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1142.json b/2003/1xxx/CVE-2003-1142.json index 38094a8f86f..c9c9dd1cd5f 100644 --- a/2003/1xxx/CVE-2003-1142.json +++ b/2003/1xxx/CVE-2003-1142.json 
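Review bot: The new side of CVE-2003-0278.json lists the same three `reference_data` entries in a different order (BUGTRAQ, BID, XF becomes BID, XF, BUGTRAQ) with no change to their content, and the new order is not sorted by `name` or `refsource`. Anyone diffing or hashing these records to spot real edits to a vulnerability entry gets churn that can hide them, so the serializer should either keep the existing array order or emit a documented stable one, for example sorted by `refsource` and then `name`. The new file also ends without a newline (`\ No newline at end of file` follows the closing `}`); writing the final `}` followed by a line feed would avoid that. The same reordering appears in the hunks for CVE-2003-1142, CVE-2003-1377, CVE-2004-0030 and CVE-2004-0191, while CVE-2003-1468 keeps its reference order but also loses the trailing newline.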
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343258" - }, - { - "name" : "8969", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8969" - }, - { - "name" : "niprint-helpapi-gain-privileges(13592)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343258" + }, + { + "name": "niprint-helpapi-gain-privileges(13592)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13592" + }, + { + "name": "8969", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8969" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1377.json b/2003/1xxx/CVE-2003-1377.json index e0c90bf2b22..0a3dc59007a 100644 --- a/2003/1xxx/CVE-2003-1377.json +++ b/2003/1xxx/CVE-2003-1377.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030223 sircd proof-of-concept / advisory", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/312924" - }, - { - "name" : "6924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6924" - }, - { - "name" : "sircd-reverse-dns-bo(11409)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11409" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sircd-reverse-dns-bo(11409)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11409" + }, + { + "name": "6924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6924" + }, + { + "name": "20030223 sircd proof-of-concept / advisory", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/312924" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1468.json b/2003/1xxx/CVE-2003-1468.json index fa69e16b358..65e8e5d9424 100644 --- a/2003/1xxx/CVE-2003-1468.json +++ b/2003/1xxx/CVE-2003-1468.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/321313" - }, - { - "name" : "7589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7589" - }, - { - "name" : "phpnuke-weblinks-path-disclosure(12436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an 
invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/321313" + }, + { + "name": "7589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7589" + }, + { + "name": "phpnuke-weblinks-path-disclosure(12436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12436" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0030.json b/2004/0xxx/CVE-2004-0030.json index 99238ef2d10..a19665777bc 100644 --- a/2004/0xxx/CVE-2004-0030.json +++ b/2004/0xxx/CVE-2004-0030.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107340840209453&w=2" - }, - { - "name" : "9368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9368" - }, - { - "name" : "3343", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3343" - }, - { - "name" : "1008632", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008632" - }, - { - "name" : "10565", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10565" - }, - { - "name" : "phpgedview-pgvbasedirectory-file-include(14159)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9368" + }, + { + "name": "10565", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10565" + }, + { + "name": "1008632", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008632" + }, + { + "name": "phpgedview-pgvbasedirectory-file-include(14159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14159" + }, + { + "name": "20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107340840209453&w=2" + }, + { + "name": "3343", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3343" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0191.json b/2004/0xxx/CVE-2004-0191.json index 23244a21937..8276f3dcedd 100644 --- a/2004/0xxx/CVE-2004-0191.json +++ b/2004/0xxx/CVE-2004-0191.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107774710729469&w=2" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=227417" - }, - { - "name" : "RHSA-2004:110", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-110.html" - }, - { - "name" : "RHSA-2004:112", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html" - }, - { - "name" : "SSRT4722", - "refsource" : 
"HP", - "url" : "http://marc.info/?l=bugtraq&m=108448379429944&w=2" - }, - { - "name" : "mozilla-event-handler-xss(15322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322" - }, - { - "name" : "9747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9747" - }, - { - "name" : "4062", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4062" - }, - { - "name" : "oval:org.mitre.oval:def:874", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874" - }, - { - "name" : "oval:org.mitre.oval:def:937", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:110", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-110.html" + }, + { + "name": "RHSA-2004:112", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-112.html" + }, + { + "name": "SSRT4722", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108448379429944&w=2" + }, + { + "name": "4062", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4062" + }, + { + "name": "mozilla-event-handler-xss(15322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15322" + }, + { + "name": "9747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9747" + }, + { + "name": "20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107774710729469&w=2" + }, + { + "name": "oval:org.mitre.oval:def:937", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937" + }, + { + "name": "oval:org.mitre.oval:def:874", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=227417" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0597.json b/2004/0xxx/CVE-2004-0597.json index ac99c97dcef..060c58825f3 100644 --- a/2004/0xxx/CVE-2004-0597.json +++ b/2004/0xxx/CVE-2004-0597.json 
@@ -1,267 +1,267 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scary.beasts.org/security/CESA-2004-001.txt", - "refsource" : "MISC", - "url" : "http://scary.beasts.org/security/CESA-2004-001.txt" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10" - }, - { - "name" : "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110796779903455&w=2" - }, - { - "name" : 
"http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1", - "refsource" : "CONFIRM", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1" - }, - { - "name" : "APPLE-SA-2004-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00056.html" - }, - { - "name" : "CLA-2004:856", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856" - }, - { - "name" : "DSA-536", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-536" - }, - { - "name" : "FLSA:1943", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1943" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "GLSA-200408-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml" - }, - { - "name" : "GLSA-200408-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml" - }, - { - "name" : "SSRT4778", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109181639602978&w=2" - }, - { - "name" : "MDKSA-2004:079", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079" - }, - { - "name" : "MDKSA-2006:212", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" - }, - { - "name" : "MDKSA-2006:213", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" - }, - { - "name" : "MS05-009", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009" - }, - { - "name" : "RHSA-2004:402", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-402.html" - }, - { - "name" : "RHSA-2004:421", - "refsource" : "REDHAT", - 
"url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" - }, - { - "name" : "RHSA-2004:429", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-429.html" - }, - { - "name" : "SCOSA-2004.16", - "refsource" : "SCO", - "url" : "http://marc.info/?l=bugtraq&m=109761239318458&w=2" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "200663", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1" - }, - { - "name" : "SUSE-SA:2004:023", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_23_libpng.html" - }, - { - "name" : "2004-0040", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0040/" - }, - { - "name" : "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109163866717909&w=2" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html" - }, - { - "name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679" - }, - { - "name" : "TA04-217A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-217A.html" - }, - { - "name" : "TA05-039A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" - }, - { - "name" : "VU#388984", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/388984" - }, - { - "name" : "VU#817368", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/817368" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" 
: "10857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10857" - }, - { - "name" : "oval:org.mitre.oval:def:2274", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274" - }, - { - "name" : "oval:org.mitre.oval:def:2378", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378" - }, - { - "name" : "oval:org.mitre.oval:def:594", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594" - }, - { - "name" : "oval:org.mitre.oval:def:4492", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492" - }, - { - "name" : "oval:org.mitre.oval:def:11284", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284" - }, - { - "name" : "oval:org.mitre.oval:def:7709", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709" - }, - { - "name" : "22957", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22957" - }, - { - "name" : "22958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22958" - }, - { - "name" : "libpng-pnghandle-bo(16894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) 
png_handle_hIST functions do not perform sufficient bounds checking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0040", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0040/" + }, + { + "name": "200663", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1" + }, + { + "name": "oval:org.mitre.oval:def:2274", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2274" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "RHSA-2004:421", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" + }, + { + "name": "RHSA-2004:402", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-402.html" + }, + { + "name": "GLSA-200408-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml" + }, + { + "name": "22958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22958" + }, + { + "name": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1", + "refsource": "CONFIRM", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-114816-02-1" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + }, + { + "name": "FLSA:1943", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943" + }, + { + "name": "oval:org.mitre.oval:def:594", + 
"refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A594" + }, + { + "name": "TA05-039A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" + }, + { + "name": "libpng-pnghandle-bo(16894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16894" + }, + { + "name": "SCOSA-2004.16", + "refsource": "SCO", + "url": "http://marc.info/?l=bugtraq&m=109761239318458&w=2" + }, + { + "name": "http://scary.beasts.org/security/CESA-2004-001.txt", + "refsource": "MISC", + "url": "http://scary.beasts.org/security/CESA-2004-001.txt" + }, + { + "name": "RHSA-2004:429", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-429.html" + }, + { + "name": "oval:org.mitre.oval:def:2378", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2378" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "DSA-536", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-536" + }, + { + "name": "VU#388984", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/388984" + }, + { + "name": "APPLE-SA-2004-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html" + }, + { + "name": "VU#817368", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/817368" + }, + { + "name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109163866717909&w=2" + }, + { + "name": "oval:org.mitre.oval:def:4492", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4492" + }, + { + "name": "SSRT4778", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109181639602978&w=2" + }, + { 
+ "name": "MS05-009", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-009" + }, + { + "name": "MDKSA-2006:213", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213" + }, + { + "name": "TA04-217A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html" + }, + { + "name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679" + }, + { + "name": "oval:org.mitre.oval:def:7709", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7709" + }, + { + "name": "MDKSA-2006:212", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212" + }, + { + "name": "20050209 MSN Messenger PNG Image Buffer Overflow Download Shellcoded Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110796779903455&w=2" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=421&idxseccion=10" + }, + { + "name": "CLA-2004:856", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856" + }, + { + "name": "10857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10857" + }, + { + "name": "SUSE-SA:2004:023", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html" + }, + { + "name": "GLSA-200408-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml" + }, + { + "name": "oval:org.mitre.oval:def:11284", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11284" + }, + { + "name": "MDKSA-2004:079", + 
"refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079" + }, + { + "name": "22957", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22957" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1695.json b/2004/1xxx/CVE-2004-1695.json index 084bb656e12..ab2034956a6 100644 --- a/2004/1xxx/CVE-2004-1695.json +++ b/2004/1xxx/CVE-2004-1695.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040921 Multiple Vulnerabilities In EmuLive Server4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109577497718374&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00051-09202004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00051-09202004" - }, - { - "name" : "11226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11226" - }, - { - "name" : "12616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12616" - }, - { - "name" : "emuliveserver4-url-gain-access(17450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17450" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040921 Multiple Vulnerabilities In EmuLive Server4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109577497718374&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00051-09202004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00051-09202004" + }, + { + "name": "12616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12616" + }, + { + "name": "emuliveserver4-url-gain-access(17450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17450" + }, + { + "name": "11226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11226" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2124.json b/2004/2xxx/CVE-2004-2124.json index 9753ef1fbc9..5b3d4731956 100644 --- a/2004/2xxx/CVE-2004-2124.json +++ b/2004/2xxx/CVE-2004-2124.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2124", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2124", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040127 Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107524414317693&w=2" - }, - { - "name" : "GLSA-200402-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=index", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=index" - }, - { - "name" : "9490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9490" - }, - { - "name" : "3737", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/3737" - }, - { - "name" : "10712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10712/" - }, - { - "name" : "gallery-gallerybasedir-file-include(14950)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9490" + }, + { + "name": "10712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10712/" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=index", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=index" + }, + { + "name": "gallery-gallerybasedir-file-include(14950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14950" + }, + { + "name": "GLSA-200402-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml" + }, + { + "name": "20040127 Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107524414317693&w=2" + }, + { + "name": "3737", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3737" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2270.json b/2004/2xxx/CVE-2004-2270.json
index 6f89dd5e9f9..c8a87b1e199 100644
--- a/2004/2xxx/CVE-2004-2270.json
+++ b/2004/2xxx/CVE-2004-2270.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2270", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2270", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=312", - "refsource" : "CONFIRM", - "url" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=312" - }, - { - "name" : "10310", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10310" - }, - { - "name" : "6008", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6008" - }, - { - "name" : "1010109", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010109" - }, - { - "name" : "11580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11580" - }, - { - "name" : "ibm-pe-gain-privileges(16093)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16093" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-pe-gain-privileges(16093)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16093" + }, + { + "name": "6008", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6008" + }, + { + "name": "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=312", + "refsource": "CONFIRM", + "url": "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=18&ID=312" + }, + { + "name": "10310", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10310" + }, + { + "name": "11580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11580" + }, + { + "name": "1010109", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010109" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2696.json b/2004/2xxx/CVE-2004-2696.json index 1cdc4d67ca1..514f63f508f 100644 --- a/2004/2xxx/CVE-2004-2696.json +++ b/2004/2xxx/CVE-2004-2696.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an \"unexpected user identity\" to be used in an RMI call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA04-62.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/59" - }, - { - "name" : "10545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10545" - }, - { - "name" : "7081", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7081" - }, - { - "name" : "1010493", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010493" - }, - { - "name" : "11865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11865" - }, - { - "name" : "weblogic-unexpected-user-identity(16421)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16421" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an \"unexpected user identity\" to be used in an RMI call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11865" + }, + { + "name": "weblogic-unexpected-user-identity(16421)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16421" + }, + { + "name": "1010493", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010493" + }, + { + "name": "10545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10545" + }, + { + "name": "BEA04-62.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/59" + }, + { + "name": "7081", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7081" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2755.json b/2008/2xxx/CVE-2008-2755.json index 6e4af969159..3080aa81980 100644 --- a/2008/2xxx/CVE-2008-2755.json +++ b/2008/2xxx/CVE-2008-2755.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5789", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5789" - }, - { - "name" : "29674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29674" - }, - { - "name" : "30614", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30614" - }, - { - "name" : "jamm-index-sql-injection(43023)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43023" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jamm-index-sql-injection(43023)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43023" + }, + { + "name": "5789", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5789" + }, + { + "name": "30614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30614" + }, + { + "name": "29674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29674" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2917.json b/2008/2xxx/CVE-2008-2917.json index 2f8238aa5b5..749325bd577 100644 --- a/2008/2xxx/CVE-2008-2917.json +++ b/2008/2xxx/CVE-2008-2917.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080615 E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493372/100/0/threaded" - }, - { - "name" : "5805", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5805" - }, - { - "name" : "http://www.spanish-hackers.com/vuln/joss-40.txt", - "refsource" : "MISC", - "url" : "http://www.spanish-hackers.com/vuln/joss-40.txt" - }, - { - "name" : "29712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29712" - }, - { - "name" : "1020296", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020296" - }, - { - "name" : "30687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30687" - }, - { 
- "name" : "3964", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3964" - }, - { - "name" : "esmartcart-productsofcat-sql-injection(43088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020296", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020296" + }, + { + "name": "29712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29712" + }, + { + "name": "http://www.spanish-hackers.com/vuln/joss-40.txt", + "refsource": "MISC", + "url": "http://www.spanish-hackers.com/vuln/joss-40.txt" + }, + { + "name": "30687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30687" + }, + { + "name": "esmartcart-productsofcat-sql-injection(43088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43088" + }, + { + "name": "3964", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3964" + }, + { + "name": "5805", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5805" + }, + { + "name": "20080615 E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493372/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6448.json b/2008/6xxx/CVE-2008-6448.json index be38b21bea4..4116b1d4706 100644 --- a/2008/6xxx/CVE-2008-6448.json 
+++ b/2008/6xxx/CVE-2008-6448.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mtcms.jp/01/3886.html", - "refsource" : "CONFIRM", - "url" : "http://www.mtcms.jp/01/3886.html" - }, - { - "name" : "JVN#21312708", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN21312708/index.html" - }, - { - "name" : "JVNDB-2008-000003", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000003.html" - }, - { - "name" : "34151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34151" - }, - { - "name" : "wysiwyg-install-xss(49226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49226" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34151" + }, + { + "name": "JVN#21312708", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN21312708/index.html" + }, + { + "name": "JVNDB-2008-000003", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000003.html" + }, + { + "name": "http://www.mtcms.jp/01/3886.html", + "refsource": "CONFIRM", + "url": "http://www.mtcms.jp/01/3886.html" + }, + { + "name": "wysiwyg-install-xss(49226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49226" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6842.json b/2008/6xxx/CVE-2008-6842.json index 99d63e3e75c..53821347d84 100644 --- a/2008/6xxx/CVE-2008-6842.json +++ b/2008/6xxx/CVE-2008-6842.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8271", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8271" - }, - { - "name" : "34207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34207" - }, - { - "name" : "34415", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34415" - }, - { - "name" : "pluck-modulepagessite-file-include(49378)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 
allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34415", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34415" + }, + { + "name": "8271", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8271" + }, + { + "name": "pluck-modulepagessite-file-include(49378)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49378" + }, + { + "name": "34207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34207" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6870.json b/2008/6xxx/CVE-2008-6870.json index d5ad7bafaf1..934023df7cb 100644 --- a/2008/6xxx/CVE-2008-6870.json +++ b/2008/6xxx/CVE-2008-6870.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7348", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7348" - }, - { - "name" : "educateservert-configusers-security-bypass(47107)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Merlix Educate Server allows remote attackers to bypass intended security restrictions and obtain sensitive information via a direct request to (1) config.asp and (2) users.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "educateservert-configusers-security-bypass(47107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47107" + }, + { + "name": "7348", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7348" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1065.json b/2012/1xxx/CVE-2012-1065.json index 1ac2076b718..7a775563b12 100644 --- a/2012/1xxx/CVE-2012-1065.json +++ b/2012/1xxx/CVE-2012-1065.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51856", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51856" - }, - { - "name" : "78831", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78831" - }, - { - "name" : "47657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47657" - }, - { - "name" : "2xapplication-activex-file-overwrite(72947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X 
ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2xapplication-activex-file-overwrite(72947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72947" + }, + { + "name": "47657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47657" + }, + { + "name": "78831", + "refsource": "OSVDB", + "url": "http://osvdb.org/78831" + }, + { + "name": "51856", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51856" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5469.json b/2012/5xxx/CVE-2012-5469.json index b11bf4b6a27..05809830626 100644 --- a/2012/5xxx/CVE-2012-5469.json +++ b/2012/5xxx/CVE-2012-5469.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121212 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html" - }, - { - "name" : "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/", - "refsource" : "MISC", - "url" : "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a 
direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/", + "refsource": "MISC", + "url": "http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/" + }, + { + "name": "20121212 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0092.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5593.json b/2012/5xxx/CVE-2012-5593.json index dbb7a4e2e68..d6cf1a05ed4 100644 --- a/2012/5xxx/CVE-2012-5593.json +++ b/2012/5xxx/CVE-2012-5593.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5593", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5593", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6053. Reason: This candidate is a reservation duplicate of CVE-2012-6053. Notes: All CVE users should reference CVE-2012-6053 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5770.json b/2012/5xxx/CVE-2012-5770.json index cd71d5f153f..c7f47d4c190 100644 --- a/2012/5xxx/CVE-2012-5770.json +++ b/2012/5xxx/CVE-2012-5770.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626029", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626029" - }, - { - "name" : "IV32391", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391" - }, - { - "name" : "taddm-weak-ssl(80354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL configuration in IBM Tivoli Application Dependency 
Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "taddm-weak-ssl(80354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80354" + }, + { + "name": "IV32391", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV32391" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626029" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5816.json b/2012/5xxx/CVE-2012-5816.json index 5c38b10c34a..4cea4da0ab0 100644 --- a/2012/5xxx/CVE-2012-5816.json +++ b/2012/5xxx/CVE-2012-5816.json 
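Review bot: The new side of CVE-2012-5770.json still has `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` under `affects`, although this hunk moves `ASSIGNER` to `psirt@us.ibm.com` and the description names IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4. Tooling that matches on the structured `affects` fields rather than the free-text description will not tie this record to the product. If the CNA confirms the naming, the fields could read `"vendor_name": "IBM"`, `"product_name": "Tivoli Application Dependency Discovery Manager"` and `"version_value": "7.2.x before 7.2.1.4"`. The `ASSIGNER` change is the only value change in this hunk; the rest is spacing and reference reordering, so it is easy to miss in review and would be easier to audit in a commit separate from the formatting sync.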
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "aim-ssl-spoofing(79935)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79935" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows 
man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aim-ssl-spoofing(79935)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79935" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11133.json b/2017/11xxx/CVE-2017-11133.json index 5893697778a..f6e1a75062f 100644 --- a/2017/11xxx/CVE-2017-11133.json +++ b/2017/11xxx/CVE-2017-11133.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/90", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/90" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. 
To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random() in previous versions and with CryptoJS.lib.WordArray.random() in newer versions, which uses math.random() internally. This is not cryptographically strong." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/90", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/90" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11320.json b/2017/11xxx/CVE-2017-11320.json index c2ee5ee0b2c..62fb1acef03 100644 --- a/2017/11xxx/CVE-2017-11320.json +++ b/2017/11xxx/CVE-2017-11320.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42427", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42427/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Aug/3", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Aug/3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Aug/3", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Aug/3" + }, + { + "name": "42427", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42427/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11473.json b/2017/11xxx/CVE-2017-11473.json index 90c48ea8674..26a5ca13f71 100644 --- a/2017/11xxx/CVE-2017-11473.json +++ b/2017/11xxx/CVE-2017-11473.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" - }, - { - "name" : "RHSA-2018:0654", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0654" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "100010", - "refsource" : "BID", - "url" 
: "http://www.securityfocus.com/bid/100010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-01-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-01-01" + }, + { + "name": "RHSA-2018:0654", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0654" + }, + { + "name": "100010", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100010" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11898.json b/2017/11xxx/CVE-2017-11898.json index c2f2d31eacb..541ee8b1849 100644 --- a/2017/11xxx/CVE-2017-11898.json +++ b/2017/11xxx/CVE-2017-11898.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11917.json b/2017/11xxx/CVE-2017-11917.json index c49ee595224..de074bafa93 100644 --- a/2017/11xxx/CVE-2017-11917.json +++ b/2017/11xxx/CVE-2017-11917.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3162.json b/2017/3xxx/CVE-2017-3162.json index 0d253da52a6..bdc4e08eac0 100644 --- a/2017/3xxx/CVE-2017-3162.json +++ b/2017/3xxx/CVE-2017-3162.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-3162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hadoop", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.x and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unchecked parameter in query string" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-3162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "2.6.x and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability", - "refsource" : "MLIST", - "url" : "https://s.apache.org/k2ss" - }, - { - "name" : "98017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. 
The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unchecked parameter in query string" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98017" + }, + { + "name": "[hadoop-common-dev] 20170425 CVE-2017-3162: Apache Hadoop DataNode web UI vulnerability", + "refsource": "MLIST", + "url": "https://s.apache.org/k2ss" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3208.json b/2017/3xxx/CVE-2017-3208.json index 44453034c2e..a4889fad7e6 100644 --- a/2017/3xxx/CVE-2017-3208.json +++ b/2017/3xxx/CVE-2017-3208.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", - "refsource" : "MISC", - "url" : "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" - }, - { - "name" : "https://codewhitesec.blogspot.com/2017/04/amf.html", - "refsource" : "MISC", - "url" : "https://codewhitesec.blogspot.com/2017/04/amf.html" - }, - { - "name" : "VU#307983", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/307983" - }, - { - "name" : "97384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97384" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references (XXEs) from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, denial of service, or server side request forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://codewhitesec.blogspot.com/2017/04/amf.html", + "refsource": "MISC", + "url": "https://codewhitesec.blogspot.com/2017/04/amf.html" + }, + { + "name": "VU#307983", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/307983" + }, + { + "name": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution", + "refsource": "MISC", + "url": "http://www.securityweek.com/flaws-java-amf-libraries-allow-remote-code-execution" + }, + { + "name": "97384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97384" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3298.json b/2017/3xxx/CVE-2017-3298.json index c3b230b974b..2c67b5888d8 100644 --- a/2017/3xxx/CVE-2017-3298.json +++ b/2017/3xxx/CVE-2017-3298.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_value" : "8.54" - }, - { - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.54" + }, + { + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95504" - }, - { - "name" : "1037634", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95504" + }, + { + "name": "1037634", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037634" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3450.json b/2017/3xxx/CVE-2017-3450.json index 54fcbd42920..c2a422e873f 100644 --- a/2017/3xxx/CVE-2017-3450.json +++ b/2017/3xxx/CVE-2017-3450.json 
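Review bot: In CVE-2017-3298 the `problemtype` description value is a CVSS vector, `"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"`, and not a statement of the weakness. A consumer that reads `problemtype` as a weakness class gets a scoring string, while the score itself appears only in the free-text description (Base Score 6.1). The vector would fit better in an `impact` block of the kind the CVE-2018-10881 record in this same commit uses (`"impact": { "cvss": ... }`), with `problemtype` carrying the impact wording from the description or a CWE identifier.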
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "97747", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97747" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97747", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97747" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7339.json b/2017/7xxx/CVE-2017-7339.json index 59329001b5a..87ae13678be 100644 --- a/2017/7xxx/CVE-2017-7339.json +++ b/2017/7xxx/CVE-2017-7339.json 
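Review bot: Both `version_data` entries for MySQL Server pair `"version_affected": "="` with a range written as prose, `"version_value": "5.6.35 and earlier"` and `"version_value": "5.7.17 and earlier"`. An automated matcher that honours the operator compares an installed version for equality with the whole string and never matches, so affected hosts are likely to be missed. Expressing the range in the operator keeps the value machine-comparable: `"version_affected": "<=", "version_value": "5.6.35"`, and likewise for `5.7.17`. The `problemtype` value in the same record repeats two sentences of the description and does not name a weakness class.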
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-7339", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiPortal", - "version" : { - "version_data" : [ - { - "version_value" : "FortiPortal versions 4.0.0 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execution of unauthorized code or commands" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-7339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal versions 4.0.0 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-114", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7709.json b/2017/7xxx/CVE-2017-7709.json index 8d43facbdcb..a09e8daebc0 100644 --- a/2017/7xxx/CVE-2017-7709.json +++ b/2017/7xxx/CVE-2017-7709.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7709", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7709", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8004.json b/2017/8xxx/CVE-2017-8004.json index db23a886856..528e533e4ad 100644 --- a/2017/8xxx/CVE-2017-8004.json +++ b/2017/8xxx/CVE-2017-8004.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unrestricted file upload" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)", + "version": { + "version_data": [ + { + "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/24", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/24" - }, - { - "name" : "99591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99591" - }, - { - "name" : "1038877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) allow an application administrator to upload arbitrary files that may potentially contain a malicious code. The malicious file could be then executed on the affected system with the privileges of the user the application is running under." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unrestricted file upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038877" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/24", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Jul/24" + }, + { + "name": "99591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99591" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8621.json b/2017/8xxx/CVE-2017-8621.json index 04f875f9f99..6a4da728abd 100644 --- a/2017/8xxx/CVE-2017-8621.json +++ b/2017/8xxx/CVE-2017-8621.json 
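Review bot: The `affects` block of CVE-2017-8004 carries no version in `version_value`: it repeats the three product names from `product_name`, and `vendor_name` is `n/a` even though the description attributes the products to EMC RSA. The affected releases (7.0.1 and 7.0.2, 7.0, 6.9.1) exist only in the description text, so inventory matching against the structured fields cannot work. One `product_data` entry per product, each with its own values such as `"version_value": "7.0.1"`, would make the record usable. CVE-2017-8621 later in this commit has the same problem in mirrored form: `product_name` lists the Exchange releases and `version_value` holds `"Microsoft Exchange"`.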
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Exchange" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka \"Microsoft Exchange Open Redirect Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.", + "version": { + "version_data": [ + { + "version_value": "Microsoft Exchange" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621" - }, - { - "name" : "99533", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/99533" - }, - { - "name" : "1038852", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka \"Microsoft Exchange Open Redirect Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621" + }, + { + "name": "1038852", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038852" + }, + { + "name": "99533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99533" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8937.json b/2017/8xxx/CVE-2017-8937.json index 9f7eb18147e..3adbcf4787e 100644 --- a/2017/8xxx/CVE-2017-8937.json +++ b/2017/8xxx/CVE-2017-8937.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10307.json b/2018/10xxx/CVE-2018-10307.json index e109f4e6259..9659fceca74 100644 --- a/2018/10xxx/CVE-2018-10307.json +++ b/2018/10xxx/CVE-2018-10307.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ILIAS-eLearning/ILIAS/commit/ca982e59d0b76c0374c9a7fd1acf2685ca57cf41", - "refsource" : "MISC", - "url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/ca982e59d0b76c0374c9a7fd1acf2685ca57cf41" - }, - { - "name" : "https://www.ilias.de/docu/goto_docu_pg_116799_35.html", - "refsource" : "MISC", - "url" : "https://www.ilias.de/docu/goto_docu_pg_116799_35.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ILIAS-eLearning/ILIAS/commit/ca982e59d0b76c0374c9a7fd1acf2685ca57cf41", + "refsource": "MISC", + "url": "https://github.com/ILIAS-eLearning/ILIAS/commit/ca982e59d0b76c0374c9a7fd1acf2685ca57cf41" + }, + { + "name": "https://www.ilias.de/docu/goto_docu_pg_116799_35.html", + "refsource": "MISC", + "url": "https://www.ilias.de/docu/goto_docu_pg_116799_35.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10881.json b/2018/10xxx/CVE-2018-10881.json index 07ee5efdcef..39f0d622a53 100644 --- a/2018/10xxx/CVE-2018-10881.json +++ b/2018/10xxx/CVE-2018-10881.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-787" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" - }, - { - "name" : "http://patchwork.ozlabs.org/patch/929792/", - "refsource" : "CONFIRM", - "url" : "http://patchwork.ozlabs.org/patch/929792/" - }, - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200015", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200015" - }, - { - "name" 
: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b" - }, - { - "name" : "RHSA-2018:2948", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2948" - }, - { - "name" : "RHSA-2018:3083", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3083" - }, - { - "name" : "RHSA-2018:3096", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3096" - }, - { - "name" : "USN-3752-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-1/" - }, - { - "name" : "USN-3752-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-2/" - }, - { - "name" : "USN-3753-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-1/" - }, - { - "name" : "USN-3753-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3753-2/" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "USN-3752-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3752-3/" - }, - { - "name" : "104901", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104901" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3752-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-2/" + }, + { + "name": "RHSA-2018:3083", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3083" + }, + { + "name": "USN-3752-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-3/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881" + }, + { + "name": "http://patchwork.ozlabs.org/patch/929792/", + "refsource": "CONFIRM", + "url": "http://patchwork.ozlabs.org/patch/929792/" + }, + { + "name": "USN-3753-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-2/" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b" + }, + { + "name": "104901", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104901" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" + }, + { + "name": "RHSA-2018:2948", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2948" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200015", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.kernel.org/show_bug.cgi?id=200015" + }, + { + "name": "USN-3752-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3752-1/" + }, + { + "name": "RHSA-2018:3096", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3096" + }, + { + "name": "USN-3753-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3753-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12244.json b/2018/12xxx/CVE-2018-12244.json index 7eab385fe3f..5ca9762f474 100644 --- a/2018/12xxx/CVE-2018-12244.json +++ b/2018/12xxx/CVE-2018-12244.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12244", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12244", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12253.json b/2018/12xxx/CVE-2018-12253.json index 04f8effa6ab..ed860358563 100644 --- a/2018/12xxx/CVE-2018-12253.json +++ b/2018/12xxx/CVE-2018-12253.json 
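Review bot: The `vectorString` kept on the new side of CVE-2018-10881, `"4.2/CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"`, has the base score prepended, so it is not a well-formed CVSS v3.0 vector. Parsers that validate the `CVSS:3.0/` prefix will reject it or drop the score. The field should read `"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"`, with the 4.2 score in a field of its own if the schema provides one. The vector also says `AV:P` while the description speaks of a local user mounting a crafted image, which is worth confirming with the assigner.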
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12840.json b/2018/12xxx/CVE-2018-12840.json index 8ad870710d3..cf4266864ab 100644 --- a/2018/12xxx/CVE-2018-12840.json +++ b/2018/12xxx/CVE-2018-12840.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" - }, - { - "name" : "105358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105358" - }, - { - "name" : "1041702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an 
out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" + }, + { + "name": "105358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105358" + }, + { + "name": "1041702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041702" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13490.json b/2018/13xxx/CVE-2018-13490.json index 97eb39af399..c6a40150171 100644 --- a/2018/13xxx/CVE-2018-13490.json +++ b/2018/13xxx/CVE-2018-13490.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FILM", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FILM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for FILM, an Ethereum token, has an integer overflow that 
allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FILM", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/FILM" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13767.json b/2018/13xxx/CVE-2018-13767.json index c131f1a78ca..a5039218f30 100644 --- a/2018/13xxx/CVE-2018-13767.json +++ b/2018/13xxx/CVE-2018-13767.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cornerstone", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cornerstone" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Cornerstone, an Ethereum token, 
has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cornerstone", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cornerstone" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16321.json b/2018/16xxx/CVE-2018-16321.json index 97f95edc434..9651fcae5c9 100644 --- a/2018/16xxx/CVE-2018-16321.json +++ b/2018/16xxx/CVE-2018-16321.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16321", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16321", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17235.json b/2018/17xxx/CVE-2018-17235.json index 2290d90c5f8..a05bdca0594 100644 --- a/2018/17xxx/CVE-2018-17235.json +++ b/2018/17xxx/CVE-2018-17235.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17235", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1629451", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1629451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629451" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17337.json b/2018/17xxx/CVE-2018-17337.json index 6e9de3bdbd3..744c880622d 100644 --- a/2018/17xxx/CVE-2018-17337.json +++ b/2018/17xxx/CVE-2018-17337.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181008 Multiple vulnerabilities in NPLUG wireless repeater", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181008 Multiple vulnerabilities in NPLUG wireless repeater", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/18" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/17xxx/CVE-2018-17691.json b/2018/17xxx/CVE-2018-17691.json index 3e8da4804e9..1c19efdc760 100644 --- a/2018/17xxx/CVE-2018-17691.json +++ b/2018/17xxx/CVE-2018-17691.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PhantomPDF", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1167/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1167/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7128." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1167/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1167/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17904.json b/2018/17xxx/CVE-2018-17904.json index 06a5db37a0b..e17b1e5add2 100644 --- a/2018/17xxx/CVE-2018-17904.json +++ b/2018/17xxx/CVE-2018-17904.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2018-17904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reliance 4 SCADA/HMI", - "version" : { - "version_data" : [ - { - "version_value" : "Version 4.7.3 Update 3 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "GEOVAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2018-17904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reliance 4 SCADA/HMI", + "version": { + "version_data": [ + { + "version_value": "Version 4.7.3 Update 3 and prior." + } + ] + } + } + ] + }, + "vendor_name": "GEOVAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01" - }, - { - "name" : "105738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reliance 4 SCADA/HMI, Version 4.7.3 Update 3 and prior. This vulnerability could allow an unauthorized attacker to inject arbitrary code." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105738" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-298-01" + } + ] + } +} \ No newline at end of file