diff --git a/2003/1xxx/CVE-2003-1262.json b/2003/1xxx/CVE-2003-1262.json index 53b158491d4..73b5cdcd1d1 100644 --- a/2003/1xxx/CVE-2003-1262.json +++ b/2003/1xxx/CVE-2003-1262.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305340" - }, - { - "name" : "20030107 GLSA: http-fetcher", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104195613529429&w=2" - }, - { - "name" : "GLSA-200301-6", - "refsource" : "GENTOO", - "url" : "http://www.linuxsecurity.com/content/view/104480/104/" - }, - { - "name" : "7823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7823" - }, - { - "name" : "http-fetcher-httpfetch-bo(11000)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11000.php" - }, - { - "name" : "6531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030107 GLSA: http-fetcher", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104195613529429&w=2" + }, + { + "name": "http-fetcher-httpfetch-bo(11000)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11000.php" + }, + { + "name": "6531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6531" + }, + { + "name": "GLSA-200301-6", + "refsource": "GENTOO", + "url": "http://www.linuxsecurity.com/content/view/104480/104/" + }, + { + "name": "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305340" + }, + { + "name": "7823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7823" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0508.json b/2004/0xxx/CVE-2004-0508.json index a6b246350db..859792f1aa2 100644 --- a/2004/0xxx/CVE-2004-0508.json +++ b/2004/0xxx/CVE-2004-0508.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0508", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0508", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0529.json b/2004/0xxx/CVE-2004-0529.json index 88384f04493..ede5e090f38 100644 --- a/2004/0xxx/CVE-2004-0529.json +++ b/2004/0xxx/CVE-2004-0529.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040605 cPanel mod_php suEXEC Taint Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108663003608211&w=2" - }, - { - "name" : "http://bugzilla.cpanel.net/show_bug.cgi?id=668", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.cpanel.net/show_bug.cgi?id=668" - }, - { - "name" : "10478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10478" - }, - { - "name" : "1010411", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010411" - }, - { - "name" : "11798", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11798" - }, - { - "name" : "cpanel-suexec-command-execute(16347)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010411", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010411" + }, + { + "name": "20040605 cPanel mod_php suEXEC Taint Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2" + }, + { + "name": "11798", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11798" + }, + { + "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=668", + "refsource": "CONFIRM", + "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668" + }, + { + "name": "10478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10478" + }, + { + "name": "cpanel-suexec-command-execute(16347)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0741.json b/2004/0xxx/CVE-2004-0741.json index 7e540e385a7..9935c984f2e 100644 --- a/2004/0xxx/CVE-2004-0741.json +++ b/2004/0xxx/CVE-2004-0741.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040720 dos_in_file_share_2.6", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109035774701051&w=2" - }, - { - "name" : "wwwfilesharepro-http-get-dos(16754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040720 dos_in_file_share_2.6", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109035774701051&w=2" + }, + { + "name": "wwwfilesharepro-http-get-dos(16754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16754" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0776.json b/2004/0xxx/CVE-2004-0776.json index a993551a0ac..683b6c3eba6 100644 --- a/2004/0xxx/CVE-2004-0776.json +++ b/2004/0xxx/CVE-2004-0776.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0776", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0776", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1447.json b/2004/1xxx/CVE-2004-1447.json index df0239f1cab..b56eb53548e 100644 --- a/2004/1xxx/CVE-2004-1447.json +++ b/2004/1xxx/CVE-2004-1447.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040804 vulnerabilities in JetboxOne CMS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/370852" - }, - { - "name" : "http://echo.or.id/adv/adv03-y3dips-2004.txt", - "refsource" : "MISC", - "url" : "http://echo.or.id/adv/adv03-y3dips-2004.txt" - }, - { - "name" : "VU#586720", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/586720" - }, - { - "name" : "10858", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10858" - }, - { - "name" : "8325", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8325" - }, - { - "name" : "12230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12230" - }, - { - "name" : "jetbox-one-plaintext-password(16898)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16898" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://echo.or.id/adv/adv03-y3dips-2004.txt", + "refsource": "MISC", + "url": "http://echo.or.id/adv/adv03-y3dips-2004.txt" + }, + { + "name": "VU#586720", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/586720" + }, + { + "name": "jetbox-one-plaintext-password(16898)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16898" + }, + { + "name": "8325", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8325" + }, + { + "name": "10858", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10858" + }, + { + "name": "20040804 vulnerabilities in JetboxOne CMS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/370852" + }, + { + "name": "12230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12230" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1700.json b/2004/1xxx/CVE-2004-1700.json index c41d663d3ba..cc572d378bf 100644 --- a/2004/1xxx/CVE-2004-1700.json +++ b/2004/1xxx/CVE-2004-1700.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11415" - }, - { - "name" : "12613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12613" - }, - { - "name" : "pinnacle-showcenter-xss(17708)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17708" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pinnacle-showcenter-xss(17708)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17708" + }, + { + "name": "11415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11415" + }, + { + "name": "12613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12613" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2238.json b/2004/2xxx/CVE-2004-2238.json index 1e421a28ead..96c2d97ef14 100644 --- a/2004/2xxx/CVE-2004-2238.json +++ b/2004/2xxx/CVE-2004-2238.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040817 vpopmail <= 5.4.2 (sybase vulnerability)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html" - }, - { - "name" : "20040818 [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html" - }, - { - "name" : "20040819 [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html" - }, - { - "name" : "10962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10962" - }, - { - "name" : "9147", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9147" - }, - { - "name" : "vpopmail-vsybase-format-string(17017)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vpopmail-vsybase-format-string(17017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17017" + }, + { + "name": "20040817 vpopmail <= 5.4.2 (sybase vulnerability)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html" + }, + { + "name": "20040819 [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html" + }, + { + "name": "20040818 [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html" + }, + { + "name": "9147", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9147" + }, + { + "name": "10962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10962" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2545.json b/2004/2xxx/CVE-2004-2545.json index b4127da0c14..fa59815b9ae 100644 --- a/2004/2xxx/CVE-2004-2545.json +++ b/2004/2xxx/CVE-2004-2545.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2545", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an \"extremely busy network.\" NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2545", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf" - }, - { - "name" : "6236", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6236" - }, - { - "name" : "11632", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an \"extremely busy network.\" NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf", + "refsource": "CONFIRM", + "url": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf" + }, + { + "name": "6236", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6236" + }, + { + "name": "11632", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11632" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2659.json b/2004/2xxx/CVE-2004-2659.json index 60f4f3bda4b..84674db7546 100644 --- a/2004/2xxx/CVE-2004-2659.json +++ b/2004/2xxx/CVE-2004-2659.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040407 Race conditions in security dialogs", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" - }, - { - "name" : "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", - "refsource" : "MISC", - "url" : "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/", + "refsource": "MISC", + "url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/" + }, + { + "name": "20040407 Race conditions in security dialogs", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2018.json b/2008/2xxx/CVE-2008-2018.json index 4d22465177b..4f1c9b41312 100644 --- a/2008/2xxx/CVE-2008-2018.json +++ b/2008/2xxx/CVE-2008-2018.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a \"{user.password}\" comment in the profile of the admin user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5506", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5506" - }, - { - "name" : "28954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28954" - }, - { - "name" : "phpizabi-templateclass-info-disclosure(42143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a \"{user.password}\" comment in the profile of the admin user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpizabi-templateclass-info-disclosure(42143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42143" + }, + { + "name": "28954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28954" + }, + { + "name": "5506", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5506" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2214.json b/2008/2xxx/CVE-2008-2214.json index 7a6bfeb32c6..09e103fd877 100644 --- a/2008/2xxx/CVE-2008-2214.json +++ b/2008/2xxx/CVE-2008-2214.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080430 Critical Vulnerability in SNMPc", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491454/100/0/threaded" - }, - { - "name" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/" - }, - { - "name" : "28990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28990" - }, - { - "name" : "ADV-2008-1403", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1403/references" - }, - { - "name" : "1019953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019953" - }, - { - "name" : "30036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30036" - }, - { - "name" : "3886", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3886" - }, - { - "name" : "snmpc-snmptrap-bo(42104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3886", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3886" + }, + { + "name": "28990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28990" + }, + { + "name": "snmpc-snmptrap-bo(42104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42104" + }, + { + "name": "ADV-2008-1403", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1403/references" + }, + { + "name": "20080430 Critical Vulnerability in SNMPc", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491454/100/0/threaded" + }, + { + "name": "30036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30036" + }, + { + "name": "1019953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019953" + }, + { + "name": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2535.json b/2008/2xxx/CVE-2008-2535.json index 0b166395b60..09f73d4d9bc 100644 --- a/2008/2xxx/CVE-2008-2535.json +++ b/2008/2xxx/CVE-2008-2535.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5578", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5578" - }, - { - "name" : "phoenixview-del-sql-injection(42316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5578", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5578" + }, + { + "name": "phoenixview-del-sql-injection(42316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42316" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2979.json b/2008/2xxx/CVE-2008-2979.json index 9e44f011b04..347f5ee19e4 100644 --- a/2008/2xxx/CVE-2008-2979.json +++ b/2008/2xxx/CVE-2008-2979.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5920", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5920" - }, - { - "name" : "29909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29909" - }, - { - "name" : "3968", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3968" - }, - { - "name" : "ourvideocms-login-xss(43313)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3968", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3968" + }, + { + "name": "ourvideocms-login-xss(43313)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43313" + }, + { + "name": "5920", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5920" + }, + { + "name": "29909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29909" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6014.json b/2008/6xxx/CVE-2008-6014.json index 585948557a8..6630f2b6f7e 100644 --- a/2008/6xxx/CVE-2008-6014.json +++ b/2008/6xxx/CVE-2008-6014.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6636", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6636" - }, - { - "name" : "31502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31502" - }, - { - "name" : "rianxosencabos-id-sql-injection(45552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6636", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6636" + }, + { + "name": "rianxosencabos-id-sql-injection(45552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45552" + }, + { + "name": "31502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31502" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6376.json b/2008/6xxx/CVE-2008-6376.json index a4157e97b93..4a682217e01 100644 --- a/2008/6xxx/CVE-2008-6376.json +++ b/2008/6xxx/CVE-2008-6376.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6376", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6376", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt" - }, - { - "name" : "32599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32599" - }, - { - "name" : "jbook-unspecified-sql-injection(47033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32599" + }, + { + "name": "jbook-unspecified-sql-injection(47033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033" + }, + { + "name": "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6485.json b/2008/6xxx/CVE-2008-6485.json index d72f16a02f7..d7d1a1ff8c2 100644 --- a/2008/6xxx/CVE-2008-6485.json +++ b/2008/6xxx/CVE-2008-6485.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7026", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7026" - }, - { - "name" : "32182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32182" - }, - { - "name" : "phpimagegallery-ctg-sql-injection(46436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32182" + }, + { + "name": "phpimagegallery-ctg-sql-injection(46436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46436" + }, + { + "name": "7026", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7026" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6584.json b/2008/6xxx/CVE-2008-6584.json index 53c82262201..29139646c34 100644 --- a/2008/6xxx/CVE-2008-6584.json +++ b/2008/6xxx/CVE-2008-6584.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080418 BitTorrent Clients and CSRF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491066/100/0/threaded" - }, - { - "name" : "28846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28846" - }, - { - "name" : "44645", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44645" - }, - { - "name" : "29935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29935" - }, - { - "name" : "torrentflux-torrent-code-execution(41925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44645", + "refsource": "OSVDB", + "url": "http://osvdb.org/44645" + }, + { + "name": "29935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29935" + }, + { + "name": "torrentflux-torrent-code-execution(41925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41925" + }, + { + "name": "20080418 BitTorrent Clients and CSRF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491066/100/0/threaded" + }, + { + "name": "28846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28846" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1236.json b/2012/1xxx/CVE-2012-1236.json index af8174dc31d..208b2dc1ea5 100644 --- a/2012/1xxx/CVE-2012-1236.json +++ b/2012/1xxx/CVE-2012-1236.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-1236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.janetter.net/", - "refsource" : "CONFIRM", - "url" : "http://blog.janetter.net/" - }, - { - "name" : "http://janetter.net/history.html", - "refsource" : "CONFIRM", - "url" : "http://janetter.net/history.html" - }, - { - "name" : "JVN#83459967", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN83459967/index.html" - }, - { - "name" : "JVNDB-2012-000027", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000027" - }, - { - "name" : "48480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48480" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000027", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000027" + }, + { + "name": "http://janetter.net/history.html", + "refsource": "CONFIRM", + "url": "http://janetter.net/history.html" + }, + { + "name": "48480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48480" + }, + { + "name": "JVN#83459967", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN83459967/index.html" + }, + { + "name": "http://blog.janetter.net/", + "refsource": "CONFIRM", + "url": "http://blog.janetter.net/" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1283.json b/2012/1xxx/CVE-2012-1283.json index a470450049f..65310a9d58d 100644 --- a/2012/1xxx/CVE-2012-1283.json +++ b/2012/1xxx/CVE-2012-1283.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1283", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1283", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5334.json b/2012/5xxx/CVE-2012-5334.json index 86e24a5138b..d80bb138968 100644 --- a/2012/5xxx/CVE-2012-5334.json +++ b/2012/5xxx/CVE-2012-5334.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18616", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18616" - }, - { - "name" : "52551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52551" - }, - { - "name" : "80191", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80191" - }, - { - "name" : "48443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48443" - }, - { - "name" : "preprinting-multiple-sql-injection(74122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122" - }, - { - "name" : "preprintingpress-multiple-sql-injection(74125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52551" + }, + { + "name": "preprintingpress-multiple-sql-injection(74125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125" + }, + { + "name": "80191", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80191" + }, + { + "name": "18616", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18616" + }, + { + "name": "48443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48443" + }, + { + "name": "preprinting-multiple-sql-injection(74122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5616.json b/2012/5xxx/CVE-2012-5616.json index 966b84296fa..5bc35b3fe7a 100644 --- a/2012/5xxx/CVE-2012-5616.json +++ b/2012/5xxx/CVE-2012-5616.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2013/Jan/65" - }, - { - "name" : "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E" - }, - { - "name" : "http://support.citrix.com/article/CTX136163", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX136163" - }, - { - "name" : "57225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57225" - }, - { - "name" : "57259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57259" - }, - { - "name" : "89070", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89070" - }, - { - "name" : "89146", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89146" - }, - { - "name" : "89147", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89147" - }, - { - "name" : "1027978", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027978" - }, - { - "name" : "51366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51366" - }, - { - "name" : "51821", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51821" - }, - { - "name" : "51827", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.citrix.com/article/CTX136163", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX136163" + }, + { + "name": "89146", + "refsource": "OSVDB", + "url": "http://osvdb.org/89146" + }, + { + "name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2013/Jan/65" + }, + { + "name": "89147", + "refsource": "OSVDB", + "url": "http://osvdb.org/89147" + }, + { + "name": "57225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57225" + }, + { + "name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E" + }, + { + "name": "51821", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51821" + }, + { + "name": "57259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57259" + }, + { + "name": "89070", + "refsource": "OSVDB", + "url": "http://osvdb.org/89070" + }, + { + "name": "51366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51366" + }, + { + "name": "51827", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51827" + }, + { + "name": "1027978", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027978" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5722.json b/2012/5xxx/CVE-2012-5722.json index 680cde0e382..032ad7ebd09 100644 --- a/2012/5xxx/CVE-2012-5722.json +++ b/2012/5xxx/CVE-2012-5722.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5722", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5722", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11052.json b/2017/11xxx/CVE-2017-11052.json index e39224250f2..20048a78ae9 100644 --- a/2017/11xxx/CVE-2017-11052.json +++ b/2017/11xxx/CVE-2017-11052.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" - }, - { - "name" : "101160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-10-01" + }, + { + "name": "101160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101160" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11266.json b/2017/11xxx/CVE-2017-11266.json index ef76d71296c..20bf7c15c7c 100644 --- a/2017/11xxx/CVE-2017-11266.json +++ b/2017/11xxx/CVE-2017-11266.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11266", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11266", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11292.json b/2017/11xxx/CVE-2017-11292.json index 999275a2da3..5723ee0d9ee 100644 --- a/2017/11xxx/CVE-2017-11292.json +++ b/2017/11xxx/CVE-2017-11292.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player version 27.0.0.159 and earlier", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player version 27.0.0.159 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "arbitrary code execution" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player version 27.0.0.159 and earlier", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player version 27.0.0.159 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html" - }, - { - "name" : "GLSA-201710-22", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-22" - }, - { - "name" : "RHSA-2017:2899", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2899" - }, - { - "name" : "101286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101286" - }, - { - "name" : "1039582", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039582", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039582" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html" + }, + { + "name": "GLSA-201710-22", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-22" + }, + { + "name": "101286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101286" + }, + { + "name": "RHSA-2017:2899", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2899" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11464.json b/2017/11xxx/CVE-2017-11464.json index a6c984fdea8..29a3bfa0515 100644 --- a/2017/11xxx/CVE-2017-11464.json +++ b/2017/11xxx/CVE-2017-11464.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=783835", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=783835" - }, - { - "name" : "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a", - "refsource" : "CONFIRM", - "url" : "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a" - }, - { - "name" : "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a", - "refsource" : "CONFIRM", - "url" : "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a" - }, - { - "name" : "99956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=783835", + "refsource": "CONFIRM", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783835" + }, + { + "name": "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a", + "refsource": "CONFIRM", + "url": "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a" + }, + { + "name": "99956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99956" + }, + { + "name": "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a", + "refsource": "CONFIRM", + "url": "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11539.json b/2017/11xxx/CVE-2017-11539.json index 8243536e9e8..92edbd37b6f 100644 --- a/2017/11xxx/CVE-2017-11539.json +++ b/2017/11xxx/CVE-2017-11539.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/582", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/582" - }, - { - "name" : "99936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99936" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/582", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/582" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11652.json b/2017/11xxx/CVE-2017-11652.json index 4220bf03415..b732e4c9b4d 100644 --- a/2017/11xxx/CVE-2017-11652.json +++ b/2017/11xxx/CVE-2017-11652.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11815.json b/2017/11xxx/CVE-2017-11815.json index ea2cad85d9a..09298176e4d 100644 --- a/2017/11xxx/CVE-2017-11815.json +++ b/2017/11xxx/CVE-2017-11815.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Block Message (SMB)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Block Message (SMB)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815" - }, - { - "name" : "101136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101136" - }, - { - "name" : "1039528", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039528" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815" + }, + { + "name": "101136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101136" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15299.json b/2017/15xxx/CVE-2017-15299.json index a65b8f3498f..528e946502e 100644 --- a/2017/15xxx/CVE-2017-15299.json +++ b/2017/15xxx/CVE-2017-15299.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1498016", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1498016" - }, - { - "name" : "https://marc.info/?t=150654188100001&r=1&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?t=150654188100001&r=1&w=2" - }, - { - "name" : "https://marc.info/?t=150783958600011&r=1&w=2", - "refsource" : "MISC", - "url" : "https://marc.info/?t=150783958600011&r=1&w=2" - }, - { - "name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html", - "refsource" : "MISC", - "url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html" - }, - { - "name" : "RHSA-2018:0654", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0654" - }, - { - "name" : "USN-3798-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3798-2/" - }, - { - "name" : "USN-3798-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3798-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1498016", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498016" + }, + { + "name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html", + "refsource": "MISC", + "url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html" + }, + { + "name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html" + }, + { + "name": "RHSA-2018:0654", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0654" + }, + { + "name": "https://marc.info/?t=150654188100001&r=1&w=2", + "refsource": "MISC", + "url": "https://marc.info/?t=150654188100001&r=1&w=2" + }, + { + "name": "USN-3798-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3798-1/" + }, + { + "name": "USN-3798-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3798-2/" + }, + { + "name": "https://marc.info/?t=150783958600011&r=1&w=2", + "refsource": "MISC", + "url": "https://marc.info/?t=150783958600011&r=1&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3399.json b/2017/3xxx/CVE-2017-3399.json index 97f5c5808ff..d852ddfee63 100644 --- a/2017/3xxx/CVE-2017-3399.json +++ b/2017/3xxx/CVE-2017-3399.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3399", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3509.json b/2017/3xxx/CVE-2017-3509.json index 121e57a6668..d81ffaa3623 100644 --- a/2017/3xxx/CVE-2017-3509.json +++ b/2017/3xxx/CVE-2017-3509.json @@ -1,146 +1,146 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u141" - }, - { - "version_affected" : "=", - "version_value" : "7u131" - }, - { - "version_affected" : "=", - "version_value" : "8u121; Java SE Embedded: 8u121" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u141" + }, + { + "version_affected": "=", + "version_value": "7u131" + }, + { + "version_affected": "=", + "version_value": "8u121; Java SE Embedded: 8u121" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "DSA-3858", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3858" - }, - { - "name" : "GLSA-201705-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-03" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "RHSA-2017:3453", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3453" - }, - { - "name" : "RHSA-2017:1108", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1108" - }, - { - "name" : "RHSA-2017:1109", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1109" - }, - { - "name" : "RHSA-2017:1117", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1117" - }, - { - "name" : "RHSA-2017:1118", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1118" - }, - { - "name" : "RHSA-2017:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1119" - }, - { - "name" : "RHSA-2017:1204", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1204" - }, - { - "name" : "RHSA-2017:1220", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1220" - }, - { - "name" : "RHSA-2017:1221", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1221" - }, - { - "name" : "RHSA-2017:1222", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1222" - }, - { - "name" : "97737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97737" - }, - { - "name" : "1038286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1221", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1221" + }, + { + "name": "GLSA-201705-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-03" + }, + { + "name": "RHSA-2017:1220", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1220" + }, + { + "name": "RHSA-2017:1117", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1117" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:1109", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1109" + }, + { + "name": "1038286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038286" + }, + { + "name": "DSA-3858", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3858" + }, + { + "name": "RHSA-2017:1108", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1108" + }, + { + "name": "RHSA-2017:1204", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1204" + }, + { + "name": "RHSA-2017:1118", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1118" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:1222", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1222" + }, + { + "name": "RHSA-2017:3453", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3453" + }, + { + "name": "97737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97737" + }, + { + "name": "RHSA-2017:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1119" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3900.json b/2017/3xxx/CVE-2017-3900.json index 20ca21da79d..5d66f892b9c 100644 --- a/2017/3xxx/CVE-2017-3900.json +++ b/2017/3xxx/CVE-2017-3900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3960.json b/2017/3xxx/CVE-2017-3960.json index 28e4eff21c2..63510a0547d 100644 --- a/2017/3xxx/CVE-2017-3960.json +++ b/2017/3xxx/CVE-2017-3960.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2017-3960", - "STATE" : "PUBLIC", - "TITLE" : "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Security Management (NSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "x86", - "version_name" : "8", - "version_value" : "8.2.7.42.2" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "HIGH", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Exploitation of Authorization vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2017-3960", + "STATE": "PUBLIC", + "TITLE": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Security Management (NSM)", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "x86", + "version_name": "8", + "version_value": "8.2.7.42.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" - } - ] - }, - "source" : { - "advisory" : "SB10192", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exploitation of Authorization vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" + } + ] + }, + "source": { + "advisory": "SB10192", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8191.json b/2017/8xxx/CVE-2017-8191.json index 4d1a84ea955..931fbe47ae9 100644 --- a/2017/8xxx/CVE-2017-8191.json +++ b/2017/8xxx/CVE-2017-8191.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00SPC102(NFV)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "week cryptographic algorithm" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00SPC102(NFV)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en" - }, - { - "name" : "102282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "week cryptographic algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en" + }, + { + "name": "102282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102282" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8233.json b/2017/8xxx/CVE-2017-8233.json index be9958eadc3..80b56cac9a5 100644 --- a/2017/8xxx/CVE-2017-8233.json +++ b/2017/8xxx/CVE-2017-8233.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Validation of Array Index in Camera" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8505.json b/2017/8xxx/CVE-2017-8505.json index 657bf675426..feaceebdd30 100644 --- a/2017/8xxx/CVE-2017-8505.json +++ b/2017/8xxx/CVE-2017-8505.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8562.json b/2017/8xxx/CVE-2017-8562.json index c1aad7773ba..689970aebd3 100644 --- a/2017/8xxx/CVE-2017-8562.json +++ b/2017/8xxx/CVE-2017-8562.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703.", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703.", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562" - }, - { - "name" : "99397", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99397", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99397" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8642.json b/2017/8xxx/CVE-2017-8642.json index 7efae2b8d5a..e137c6e846a 100644 --- a/2017/8xxx/CVE-2017-8642.json +++ b/2017/8xxx/CVE-2017-8642.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1703." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8503." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1703." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642" - }, - { - "name" : "100046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100046" - }, - { - "name" : "1039101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8503." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100046" + }, + { + "name": "1039101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039101" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10075.json b/2018/10xxx/CVE-2018-10075.json index 9820ce94670..e571fcf9cd0 100644 --- a/2018/10xxx/CVE-2018-10075.json +++ b/2018/10xxx/CVE-2018-10075.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/eventlog/release-notes.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/eventlog/release-notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/eventlog/release-notes.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/eventlog/release-notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12173.json b/2018/12xxx/CVE-2018-12173.json index a5e5676a21a..a7440547820 100644 --- a/2018/12xxx/CVE-2018-12173.json +++ b/2018/12xxx/CVE-2018-12173.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-12173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Server Boards Firmware", - "version" : { - "version_data" : [ - { - "version_value" : "before 00.01.0014" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege, Denial of Service, Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-12173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Server Boards Firmware", + "version": { + "version_data": [ + { + "version_value": "before 00.01.0014" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege, Denial of Service, Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12353.json b/2018/12xxx/CVE-2018-12353.json index 72fc4c6de63..3ddb07c72ab 100644 --- a/2018/12xxx/CVE-2018-12353.json +++ b/2018/12xxx/CVE-2018-12353.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the \"Business Model's Catalogue\" catalogue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the \"Business Model's Catalogue\" catalogue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12435.json b/2018/12xxx/CVE-2018-12435.json index d7c66273758..7b81168216e 100644 --- a/2018/12xxx/CVE-2018-12435.json +++ b/2018/12xxx/CVE-2018-12435.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" - }, - { - "name" : "https://botan.randombit.net/security.html", - "refsource" : "CONFIRM", - "url" : "https://botan.randombit.net/security.html" - }, - { - "name" : "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3", - "refsource" : "CONFIRM", - "url" : "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" + }, + { + "name": "https://botan.randombit.net/security.html", + "refsource": "CONFIRM", + "url": "https://botan.randombit.net/security.html" + }, + { + "name": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3", + "refsource": "CONFIRM", + "url": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12501.json b/2018/12xxx/CVE-2018-12501.json index 9d2aaab4c25..7630a837a07 100644 --- a/2018/12xxx/CVE-2018-12501.json +++ b/2018/12xxx/CVE-2018-12501.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12501", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12501", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nagios.com/downloads/nagios-fusion/change-log/", - "refsource" : "CONFIRM", - "url" : "https://www.nagios.com/downloads/nagios-fusion/change-log/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nagios.com/downloads/nagios-fusion/change-log/", + "refsource": "CONFIRM", + "url": "https://www.nagios.com/downloads/nagios-fusion/change-log/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12920.json b/2018/12xxx/CVE-2018-12920.json index 38401a5551e..cddbb947c4b 100644 --- a/2018/12xxx/CVE-2018-12920.json +++ b/2018/12xxx/CVE-2018-12920.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97370", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97370", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97370" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13110.json b/2018/13xxx/CVE-2018-13110.json index 3a16ad0bec0..dc3d7b590c3 100644 --- a/2018/13xxx/CVE-2018-13110.json +++ b/2018/13xxx/CVE-2018-13110.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542118/100/0/threaded" - }, - { - "name" : "44984", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44984/" - }, - { - "name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/19" - }, - { - "name" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/" + }, + { + "name": "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542118/100/0/threaded" + }, + { + "name": "44984", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44984/" + }, + { + "name": "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html" + }, + { + "name": "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/19" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13141.json b/2018/13xxx/CVE-2018-13141.json index 7fb3ebc5485..e1051175e4a 100644 --- a/2018/13xxx/CVE-2018-13141.json +++ b/2018/13xxx/CVE-2018-13141.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13141", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13141", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13170.json b/2018/13xxx/CVE-2018-13170.json index 711e1b2860c..cce9f39781a 100644 --- a/2018/13xxx/CVE-2018-13170.json +++ b/2018/13xxx/CVE-2018-13170.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13211.json b/2018/13xxx/CVE-2018-13211.json index 1f656ffd3bf..2f11c939f05 100644 --- a/2018/13xxx/CVE-2018-13211.json +++ b/2018/13xxx/CVE-2018-13211.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13910.json b/2018/13xxx/CVE-2018-13910.json index 89340157e5e..6f8ab01f51c 100644 --- a/2018/13xxx/CVE-2018-13910.json +++ b/2018/13xxx/CVE-2018-13910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13979.json b/2018/13xxx/CVE-2018-13979.json index 4fe03155702..9f54f7d1479 100644 --- a/2018/13xxx/CVE-2018-13979.json +++ b/2018/13xxx/CVE-2018-13979.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13979", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13979", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13986.json b/2018/13xxx/CVE-2018-13986.json index 8917971a345..2cb6fedaa4e 100644 --- a/2018/13xxx/CVE-2018-13986.json +++ b/2018/13xxx/CVE-2018-13986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16149.json b/2018/16xxx/CVE-2018-16149.json index 63d68f90461..8c67667e9cb 100644 --- a/2018/16xxx/CVE-2018-16149.json +++ b/2018/16xxx/CVE-2018-16149.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[axtls-general] 20181105 Re: Problems of PKCS#1 v1.5 RSA Signature Verification", - "refsource" : "MLIST", - "url" : "https://sourceforge.net/p/axtls/mailman/message/36459928/" - }, - { - "name" : "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c", - "refsource" : "CONFIRM", - "url" : "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c", + "refsource": "CONFIRM", + "url": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c" + }, + { + "name": "[axtls-general] 20181105 Re: Problems of PKCS#1 v1.5 RSA Signature Verification", + "refsource": "MLIST", + "url": "https://sourceforge.net/p/axtls/mailman/message/36459928/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16793.json b/2018/16xxx/CVE-2018-16793.json index d3ef889501a..67f6a71775e 100644 --- a/2018/16xxx/CVE-2018-16793.json +++ b/2018/16xxx/CVE-2018-16793.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180917 Disclose SSRF Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "https://seclists.org/bugtraq/2018/Sep/38" - }, - { - "name" : "20180917 Disclose SSRF Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Sep/20" - }, - { - "name" : "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html" - }, - { - "name" : "105386", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105386" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html" + }, + { + "name": "20180917 Disclose SSRF Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Sep/20" + }, + { + "name": "105386", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105386" + }, + { + "name": "20180917 Disclose SSRF Vulnerability", + "refsource": "BUGTRAQ", + "url": "https://seclists.org/bugtraq/2018/Sep/38" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16897.json b/2018/16xxx/CVE-2018-16897.json index 7a9f9d8f392..ea68106360c 100644 --- a/2018/16xxx/CVE-2018-16897.json +++ b/2018/16xxx/CVE-2018-16897.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16917.json b/2018/16xxx/CVE-2018-16917.json index 8e52ec7debf..e300c9b2e1e 100644 --- a/2018/16xxx/CVE-2018-16917.json +++ b/2018/16xxx/CVE-2018-16917.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16917", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16917", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17080.json b/2018/17xxx/CVE-2018-17080.json index 4e8d415b32f..651af42db5d 100644 --- a/2018/17xxx/CVE-2018-17080.json +++ b/2018/17xxx/CVE-2018-17080.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17080", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17080", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17168.json b/2018/17xxx/CVE-2018-17168.json index 0b5fd5d2b1e..9e0f6e966c2 100644 --- a/2018/17xxx/CVE-2018-17168.json +++ b/2018/17xxx/CVE-2018-17168.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17168", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17168", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17470.json b/2018/17xxx/CVE-2018-17470.json index f3738164456..da5d985d37a 100644 --- a/2018/17xxx/CVE-2018-17470.json +++ b/2018/17xxx/CVE-2018-17470.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/877874", - "refsource" : "MISC", - "url" : "https://crbug.com/877874" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://crbug.com/877874", + "refsource": "MISC", + "url": "https://crbug.com/877874" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17620.json b/2018/17xxx/CVE-2018-17620.json index 5a758898a3d..6f1a60a111f 100644 --- a/2018/17xxx/CVE-2018-17620.json +++ b/2018/17xxx/CVE-2018-17620.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-1101", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-1101" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-1101", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-1101" + } + ] + } +} \ No newline at end of file