From 964f8d53c5f123271fe6d8f38aa980e4ede9936e Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:36:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0961.json | 360 ++++++++++++++++----------------- 2003/1xxx/CVE-2003-1202.json | 160 +++++++-------- 2003/1xxx/CVE-2003-1302.json | 130 ++++++------ 2003/1xxx/CVE-2003-1480.json | 140 ++++++------- 2004/0xxx/CVE-2004-0011.json | 150 +++++++------- 2004/0xxx/CVE-2004-0100.json | 34 ++-- 2004/0xxx/CVE-2004-0221.json | 180 ++++++++--------- 2004/0xxx/CVE-2004-0976.json | 220 ++++++++++---------- 2004/1xxx/CVE-2004-1900.json | 180 ++++++++--------- 2004/2xxx/CVE-2004-2165.json | 180 ++++++++--------- 2004/2xxx/CVE-2004-2749.json | 170 ++++++++-------- 2008/2xxx/CVE-2008-2602.json | 190 ++++++++--------- 2008/2xxx/CVE-2008-2683.json | 190 ++++++++--------- 2008/2xxx/CVE-2008-2961.json | 140 ++++++------- 2008/2xxx/CVE-2008-2981.json | 130 ++++++------ 2008/6xxx/CVE-2008-6034.json | 140 ++++++------- 2008/6xxx/CVE-2008-6364.json | 160 +++++++-------- 2008/6xxx/CVE-2008-6436.json | 170 ++++++++-------- 2008/6xxx/CVE-2008-6442.json | 140 ++++++------- 2012/1xxx/CVE-2012-1874.json | 140 ++++++------- 2012/5xxx/CVE-2012-5351.json | 130 ++++++------ 2012/5xxx/CVE-2012-5859.json | 150 +++++++------- 2012/5xxx/CVE-2012-5904.json | 160 +++++++-------- 2012/5xxx/CVE-2012-5917.json | 150 +++++++------- 2017/11xxx/CVE-2017-11158.json | 122 +++++------ 2017/11xxx/CVE-2017-11218.json | 160 +++++++-------- 2017/11xxx/CVE-2017-11779.json | 142 ++++++------- 2017/11xxx/CVE-2017-11817.json | 142 ++++++------- 2017/11xxx/CVE-2017-11888.json | 142 ++++++------- 2017/15xxx/CVE-2017-15815.json | 140 ++++++------- 2017/15xxx/CVE-2017-15896.json | 140 ++++++------- 2017/15xxx/CVE-2017-15956.json | 120 +++++------ 2017/3xxx/CVE-2017-3033.json | 140 ++++++------- 2017/3xxx/CVE-2017-3625.json | 174 ++++++++-------- 2017/3xxx/CVE-2017-3666.json | 34 ++-- 2017/3xxx/CVE-2017-3965.json | 168 +++++++-------- 2017/8xxx/CVE-2017-8375.json | 34 ++-- 2017/8xxx/CVE-2017-8391.json | 140 ++++++------- 2017/8xxx/CVE-2017-8398.json | 130 ++++++------ 2017/8xxx/CVE-2017-8914.json | 140 ++++++------- 2018/10xxx/CVE-2018-10367.json | 120 +++++------ 2018/10xxx/CVE-2018-10399.json | 34 ++-- 2018/10xxx/CVE-2018-10674.json | 34 ++-- 2018/12xxx/CVE-2018-12331.json | 120 +++++------ 2018/12xxx/CVE-2018-12401.json | 162 +++++++-------- 2018/12xxx/CVE-2018-12584.json | 170 ++++++++-------- 2018/12xxx/CVE-2018-12684.json | 130 ++++++------ 2018/12xxx/CVE-2018-12701.json | 34 ++-- 2018/12xxx/CVE-2018-12710.json | 130 ++++++------ 2018/12xxx/CVE-2018-12945.json | 34 ++-- 2018/13xxx/CVE-2018-13171.json | 130 ++++++------ 2018/13xxx/CVE-2018-13238.json | 34 ++-- 2018/13xxx/CVE-2018-13488.json | 130 ++++++------ 2018/13xxx/CVE-2018-13972.json | 34 ++-- 2018/16xxx/CVE-2018-16727.json | 120 +++++------ 2018/17xxx/CVE-2018-17052.json | 34 ++-- 2018/17xxx/CVE-2018-17138.json | 120 +++++------ 2018/17xxx/CVE-2018-17426.json | 120 +++++------ 2018/17xxx/CVE-2018-17477.json | 172 ++++++++-------- 2018/17xxx/CVE-2018-17726.json | 34 ++-- 2018/17xxx/CVE-2018-17981.json | 34 ++-- 61 files changed, 3946 insertions(+), 3946 deletions(-) diff --git a/2003/0xxx/CVE-2003-0961.json b/2003/0xxx/CVE-2003-0961.json index 5aca50f59bd..d198c5556f4 100644 --- a/2003/0xxx/CVE-2003-0961.json +++ b/2003/0xxx/CVE-2003-0961.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031204 [iSEC] Linux kernel do_brk() vulnerability details", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107064798706473&w=2" - }, - { - "name" : "http://isec.pl/papers/linux_kernel_do_brk.pdf", - "refsource" : "MISC", - "url" : "http://isec.pl/papers/linux_kernel_do_brk.pdf" - }, - { - "name" : "RHSA-2003:368", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-368.html" - }, - { - "name" : "RHSA-2003:389", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-389.html" - }, - { - "name" : "DSA-403", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-403" - }, - { - "name" : "DSA-417", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-417" - }, - { - "name" : "DSA-423", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-423" - }, - { - "name" : "DSA-433", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-433" - }, - { - "name" : "DSA-439", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-439" - }, - { - "name" : "DSA-440", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-440" - }, - { - "name" : "DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "DSA-450", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-450" - }, - { - "name" : "DSA-470", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-470" - }, - { - "name" : "DSA-475", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-475" - }, - { - "name" : "MDKSA-2003:110", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:110" - }, - { - "name" : "CLA-2003:796", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796" - }, - { - "name" : "SuSE-SA:2003:049", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html" - }, - { - "name" : "20031204 Hot fix for do_brk bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107064830206816&w=2" - }, - { - "name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2" - }, - { - "name" : "VU#301156", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/301156" - }, - { - "name" : "10328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10328" - }, - { - "name" : "10329", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10329" - }, - { - "name" : "10330", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10330" - }, - { - "name" : "10333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10333" - }, - { - "name" : "10338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10338" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031204 Hot fix for do_brk bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107064830206816&w=2" + }, + { + "name": "10330", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10330" + }, + { + "name": "DSA-433", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-433" + }, + { + "name": "DSA-423", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-423" + }, + { + "name": "VU#301156", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/301156" + }, + { + "name": "SuSE-SA:2003:049", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_049_kernel.html" + }, + { + "name": "DSA-450", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-450" + }, + { + "name": "RHSA-2003:389", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-389.html" + }, + { + "name": "DSA-440", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-440" + }, + { + "name": "MDKSA-2003:110", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:110" + }, + { + "name": "20040112 SmoothWall Project Security Advisory SWP-2004:001", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107394143105081&w=2" + }, + { + "name": "CLA-2003:796", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796" + }, + { + "name": "RHSA-2003:368", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html" + }, + { + "name": "10328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10328" + }, + { + "name": "10329", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10329" + }, + { + "name": "DSA-439", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-439" + }, + { + "name": "DSA-475", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-475" + }, + { + "name": "10338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10338" + }, + { + "name": "10333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10333" + }, + { + "name": "20031204 [iSEC] Linux kernel do_brk() vulnerability details", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107064798706473&w=2" + }, + { + "name": "DSA-417", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-417" + }, + { + "name": "DSA-403", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-403" + }, + { + "name": "http://isec.pl/papers/linux_kernel_do_brk.pdf", + "refsource": "MISC", + "url": "http://isec.pl/papers/linux_kernel_do_brk.pdf" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + }, + { + "name": "DSA-470", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-470" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1202.json b/2003/1xxx/CVE-2003-1202.json index 9df8b79ecd5..9341f5613e7 100644 --- a/2003/1xxx/CVE-2003-1202.json +++ b/2003/1xxx/CVE-2003-1202.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106132514828641&w=2" - }, - { - "name" : "20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106149679129042&w=2" - }, - { - "name" : "8451", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8451" - }, - { - "name" : "9585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9585" - }, - { - "name" : "omailwebmail-checklogin-code-execution(12948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106149679129042&w=2" + }, + { + "name": "20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106132514828641&w=2" + }, + { + "name": "9585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9585" + }, + { + "name": "omailwebmail-checklogin-code-execution(12948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12948" + }, + { + "name": "8451", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8451" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1302.json b/2003/1xxx/CVE-2003-1302.json index fc90a6d57f9..4d8a6d47ee7 100644 --- a/2003/1xxx/CVE-2003-1302.json +++ b/2003/1xxx/CVE-2003-1302.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2003-1302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" - }, - { - "name" : "http://bugs.php.net/bug.php?id=22048", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=22048" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.php.net/bug.php?id=22048", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=22048" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1480.json b/2003/1xxx/CVE-2003-1480.json index 5b577a6bec3..41b4bad23ad 100644 --- a/2003/1xxx/CVE-2003-1480.json +++ b/2003/1xxx/CVE-2003-1480.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/tools/5WP031FA0U.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/tools/5WP031FA0U.html" - }, - { - "name" : "7500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7500" - }, - { - "name" : "8753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8753" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8753" + }, + { + "name": "http://www.securiteam.com/tools/5WP031FA0U.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/tools/5WP031FA0U.html" + }, + { + "name": "7500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7500" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0011.json b/2004/0xxx/CVE-2004-0011.json index 1e86205d681..861ebbc0335 100644 --- a/2004/0xxx/CVE-2004-0011.json +++ b/2004/0xxx/CVE-2004-0011.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-416", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-416" - }, - { - "name" : "O-048", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-048.shtml" - }, - { - "name" : "9377", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9377" - }, - { - "name" : "fsp-boundry-error-bo(14155)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14155" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9377", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9377" + }, + { + "name": "O-048", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-048.shtml" + }, + { + "name": "fsp-boundry-error-bo(14155)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14155" + }, + { + "name": "DSA-416", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-416" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0100.json b/2004/0xxx/CVE-2004-0100.json index 140bfadcfee..f3efb2d0dd2 100644 --- a/2004/0xxx/CVE-2004-0100.json +++ b/2004/0xxx/CVE-2004-0100.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0100", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0100", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0221.json b/2004/0xxx/CVE-2004-0221.json index 4b78103c7cd..3dfedceec0e 100644 --- a/2004/0xxx/CVE-2004-0221.json +++ b/2004/0xxx/CVE-2004-0221.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108008530028019&w=2" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0018.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0018.html" - }, - { - "name" : "20040317 015: RELIABILITY FIX: March 17, 2004", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html" - }, - { - "name" : "VU#524497", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/524497" - }, - { - "name" : "9907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9907" - }, - { - "name" : "1009468", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" - }, - { - "name" : "openbsd-isakmp-delete-dos(15630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009468", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" + }, + { + "name": "9907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9907" + }, + { + "name": "20040317 015: RELIABILITY FIX: March 17, 2004", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html" + }, + { + "name": "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108008530028019&w=2" + }, + { + "name": "VU#524497", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/524497" + }, + { + "name": "openbsd-isakmp-delete-dos(15630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15630" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0018.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0018.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0976.json b/2004/0xxx/CVE-2004-0976.json index 7e00fa2c1bf..2d2d87e11c3 100644 --- a/2004/0xxx/CVE-2004-0976.json +++ b/2004/0xxx/CVE-2004-0976.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-620" - }, - { - "name" : "FLSA-2006:152845", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "MDKSA-2005:031", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031" - }, - { - "name" : "RHSA-2005:881", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-881.html" - }, - { - "name" : "2004-0050", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0050" - }, - { - "name" : "OpenPKG-SA-2005.001", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=110547693019788&w=2" - }, - { - "name" : "11294", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11294" - }, - { - "name" : "oval:org.mitre.oval:def:9752", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752" - }, - { - "name" : "18075", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18075" - }, - { - "name" : "17661", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17661" - }, - { - "name" : "script-temporary-file-overwrite(17583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:881", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" + }, + { + "name": "script-temporary-file-overwrite(17583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" + }, + { + "name": "18075", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18075" + }, + { + "name": "2004-0050", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0050" + }, + { + "name": "oval:org.mitre.oval:def:9752", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9752" + }, + { + "name": "DSA-620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-620" + }, + { + "name": "FLSA-2006:152845", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "OpenPKG-SA-2005.001", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=110547693019788&w=2" + }, + { + "name": "MDKSA-2005:031", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:031" + }, + { + "name": "17661", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17661" + }, + { + "name": "11294", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11294" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1900.json b/2004/1xxx/CVE-2004-1900.json index bef4d137c5b..d11b1d1b2ce 100644 --- a/2004/1xxx/CVE-2004-1900.json +++ b/2004/1xxx/CVE-2004-1900.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040405 Format string bug in IGI 2: Covert Strike 1.3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108120385811815&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/igi2fs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/igi2fs-adv.txt" - }, - { - "name" : "10053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10053" - }, - { - "name" : "4966", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4966" - }, - { - "name" : "1009667", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009667" - }, - { - "name" : "11299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11299" - }, - { - "name" : "igi2covertstrike-rcon-format-string(15742)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15742" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11299" + }, + { + "name": "4966", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4966" + }, + { + "name": "1009667", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009667" + }, + { + "name": "igi2covertstrike-rcon-format-string(15742)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15742" + }, + { + "name": "10053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10053" + }, + { + "name": "20040405 Format string bug in IGI 2: Covert Strike 1.3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108120385811815&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/igi2fs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/igi2fs-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2165.json b/2004/2xxx/CVE-2004-2165.json index a092101bc51..9087366a627 100644 --- a/2004/2xxx/CVE-2004-2165.json +++ b/2004/2xxx/CVE-2004-2165.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Crash in Lords of the Realm III 1.01", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2004/Sep/0660.html" - }, - { - "name" : "http://aluigi.altervista.org/adv/lotr3boom-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/lotr3boom-adv.txt" - }, - { - "name" : "11223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11223" - }, - { - "name" : "10078", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10078" - }, - { - "name" : "1011361", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011361" - }, - { - "name" : "12589", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12589/" - }, - { - "name" : "lordsoftherealm-username-dos(17438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/lotr3boom-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/lotr3boom-adv.txt" + }, + { + "name": "12589", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12589/" + }, + { + "name": "10078", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10078" + }, + { + "name": "11223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11223" + }, + { + "name": "lordsoftherealm-username-dos(17438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17438" + }, + { + "name": "20040914 Crash in Lords of the Realm III 1.01", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2004/Sep/0660.html" + }, + { + "name": "1011361", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011361" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2749.json b/2004/2xxx/CVE-2004-2749.json index 81105e123b7..11ea2ef2069 100644 --- a/2004/2xxx/CVE-2004-2749.json +++ b/2004/2xxx/CVE-2004-2749.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040120 2Wire-Gateway Cross Site Scripting and Directory Transversal bug in SSL Form", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0179.html" - }, - { - "name" : "9463", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9463" - }, - { - "name" : "3683", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3683" - }, - { - "name" : "1008798", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008798" - }, - { - "name" : "10666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10666" - }, - { - "name" : "homeportal-wralogin-directory-traversal(14894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "homeportal-wralogin-directory-traversal(14894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14894" + }, + { + "name": "10666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10666" + }, + { + "name": "9463", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9463" + }, + { + "name": "3683", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3683" + }, + { + "name": "1008798", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008798" + }, + { + "name": "20040120 2Wire-Gateway Cross Site Scripting and Directory Transversal bug in SSL Form", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0179.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2602.json b/2008/2xxx/CVE-2008-2602.json index bb00b5d2772..26dcb9191d6 100644 --- a/2008/2xxx/CVE-2008-2602.json +++ b/2008/2xxx/CVE-2008-2602.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020499" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to the IMP_FULL_DATABASE role." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "1020499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020499" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2683.json b/2008/2xxx/CVE-2008-2683.json index 4f08922dafc..fd9b8d3da02 100644 --- a/2008/2xxx/CVE-2008-2683.json +++ b/2008/2xxx/CVE-2008-2683.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2683", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2683", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "17415", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/17415" - }, - { - "name" : "5750", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5750" - }, - { - "name" : "46007", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/46007" - }, - { - "name" : "8276", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8276" - }, - { - "name" : "8277", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8277" - }, - { - "name" : "ADV-2008-1768", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1768/references" - }, - { - "name" : "30548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30548" - }, - { - "name" : "barcode-bidib-file-overwrite(42891)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42891" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30548" + }, + { + "name": "17415", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/17415" + }, + { + "name": "5750", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5750" + }, + { + "name": "ADV-2008-1768", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1768/references" + }, + { + "name": "46007", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/46007" + }, + { + "name": "barcode-bidib-file-overwrite(42891)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42891" + }, + { + "name": "8276", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8276" + }, + { + "name": "8277", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8277" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2961.json b/2008/2xxx/CVE-2008-2961.json index 9dd0cda2a5a..7a86442554c 100644 --- a/2008/2xxx/CVE-2008-2961.json +++ b/2008/2xxx/CVE-2008-2961.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5896", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5896" - }, - { - "name" : "29890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29890" - }, - { - "name" : "cmsmini-index-file-include(43276)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43276" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in view/index.php in CMS Mini 0.2.2 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) path and (2) p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29890" + }, + { + "name": "5896", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5896" + }, + { + "name": "cmsmini-index-file-include(43276)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43276" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2981.json b/2008/2xxx/CVE-2008-2981.json index 0e46ccc2657..f31a459b083 100644 --- a/2008/2xxx/CVE-2008-2981.json +++ b/2008/2xxx/CVE-2008-2981.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5903", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5903" - }, - { - "name" : "homephdesign-templatethumbnail-file-include(43256)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "homephdesign-templatethumbnail-file-include(43256)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43256" + }, + { + "name": "5903", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5903" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6034.json b/2008/6xxx/CVE-2008-6034.json index 3722cfb332b..1a581ff6293 100644 --- a/2008/6xxx/CVE-2008-6034.json +++ b/2008/6xxx/CVE-2008-6034.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31325", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31325" - }, - { - "name" : "31973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31973" - }, - { - "name" : "achievo-dispatch-xss(45331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31325", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31325" + }, + { + "name": "achievo-dispatch-xss(45331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45331" + }, + { + "name": "31973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31973" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6364.json b/2008/6xxx/CVE-2008-6364.json index 01c72bdc093..8ab1e770044 100644 --- a/2008/6xxx/CVE-2008-6364.json +++ b/2008/6xxx/CVE-2008-6364.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7425", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7425" - }, - { - "name" : "http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt" - }, - { - "name" : "32781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32781" - }, - { - "name" : "33072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33072" - }, - { - "name" : "bannerexchange-logonlicense-sql-injection(47281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7425", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7425" + }, + { + "name": "bannerexchange-logonlicense-sql-injection(47281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47281" + }, + { + "name": "33072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33072" + }, + { + "name": "32781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32781" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6436.json b/2008/6xxx/CVE-2008-6436.json index 6e178dee475..dc789d192ba 100644 --- a/2008/6xxx/CVE-2008-6436.json +++ b/2008/6xxx/CVE-2008-6436.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf" - }, - { - "name" : "29345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29345" - }, - { - "name" : "45627", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45627" - }, - { - "name" : "30364", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30364" - }, - { - "name" : "ADV-2008-1628", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1628/references" - }, - { - "name" : "workcentre-unspecified-xss(42595)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42595" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30364", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30364" + }, + { + "name": "workcentre-unspecified-xss(42595)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42595" + }, + { + "name": "45627", + "refsource": "OSVDB", + "url": "http://osvdb.org/45627" + }, + { + "name": "ADV-2008-1628", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1628/references" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf" + }, + { + "name": "29345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29345" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6442.json b/2008/6xxx/CVE-2008-6442.json index 5188bf2cc52..6fc773e2a58 100644 --- a/2008/6xxx/CVE-2008-6442.json +++ b/2008/6xxx/CVE-2008-6442.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30223.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30223.html" - }, - { - "name" : "30223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30223" - }, - { - "name" : "sinadloader-activex-file-overwrite(43881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in Sina Inc. DLoader Class ActiveX Control allows remote attackers to overwrite arbitrary files via a URL in the first parameter to the DonwloadAndInstall method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sinadloader-activex-file-overwrite(43881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43881" + }, + { + "name": "30223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30223" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30223.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30223.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1874.json b/2012/1xxx/CVE-2012-1874.json index dbff924a28d..9a21a051afe 100644 --- a/2012/1xxx/CVE-2012-1874.json +++ b/2012/1xxx/CVE-2012-1874.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka \"Developer Toolbar Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15425", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka \"Developer Toolbar Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "MS12-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" + }, + { + "name": "oval:org.mitre.oval:def:15425", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15425" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5351.json b/2012/5xxx/CVE-2012-5351.json index 8d9e46b6517..2996c1434ac 100644 --- a/2012/5xxx/CVE-2012-5351.json +++ b/2012/5xxx/CVE-2012-5351.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", - "refsource" : "MISC", - "url" : "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" - }, - { - "name" : "apache-axis2-saml-sec-bypass(79487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a \"Signature exclusion attack,\" a different vulnerability than CVE-2012-4418." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf", + "refsource": "MISC", + "url": "http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf" + }, + { + "name": "apache-axis2-saml-sec-bypass(79487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79487" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5859.json b/2012/5xxx/CVE-2012-5859.json index 1eb5f4e9cd4..0da98ec5e47 100644 --- a/2012/5xxx/CVE-2012-5859.json +++ b/2012/5xxx/CVE-2012-5859.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121115 [CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0061.html" - }, - { - "name" : "http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html" - }, - { - "name" : "56560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56560" - }, - { - "name" : "kies-air-get-dos(80091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/118154/Kies-Air-Denial-Of-Service-Authorization-Bypass.html" + }, + { + "name": "kies-air-get-dos(80091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80091" + }, + { + "name": "20121115 [CVE-2012-5858] [CVE-2012-5859] DoS/Authorization Bypass - Kies Air", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0061.html" + }, + { + "name": "56560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56560" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5904.json b/2012/5xxx/CVE-2012-5904.json index 1fd938669e3..f1e64e58b22 100644 --- a/2012/5xxx/CVE-2012-5904.json +++ b/2012/5xxx/CVE-2012-5904.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.irfanview.com/history_old.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/history_old.htm" - }, - { - "name" : "52806", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52806" - }, - { - "name" : "80716", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80716" - }, - { - "name" : "47333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47333" - }, - { - "name" : "irfanview-dibrlebmp-bo(74452)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74452" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in IrfanView before 4.33 allows remote attackers to execute arbitrary code via a crafted RLE compressed bitmap file such as a DIB, RLE, or BMP image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52806", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52806" + }, + { + "name": "47333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47333" + }, + { + "name": "80716", + "refsource": "OSVDB", + "url": "http://osvdb.org/80716" + }, + { + "name": "irfanview-dibrlebmp-bo(74452)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74452" + }, + { + "name": "http://www.irfanview.com/history_old.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/history_old.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5917.json b/2012/5xxx/CVE-2012-5917.json index 052d36cc533..7ebb4660629 100644 --- a/2012/5xxx/CVE-2012-5917.json +++ b/2012/5xxx/CVE-2012-5917.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18692", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18692" - }, - { - "name" : "52842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52842" - }, - { - "name" : "80805", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80805" - }, - { - "name" : "snackamp-aiff-dos(74528)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SnackAmp 3.1.3 allows remote attackers to cause a denial of service (application crash) via a long string in an aiff file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18692", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18692" + }, + { + "name": "52842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52842" + }, + { + "name": "snackamp-aiff-dos(74528)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74528" + }, + { + "name": "80805", + "refsource": "OSVDB", + "url": "http://osvdb.org/80805" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11158.json b/2017/11xxx/CVE-2017-11158.json index a0b0d7cfa81..6273fe2e054 100644 --- a/2017/11xxx/CVE-2017-11158.json +++ b/2017/11xxx/CVE-2017-11158.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-08-30T00:00:00", - "ID" : "CVE-2017-11158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Station Drive", - "version" : { - "version_data" : [ - { - "version_value" : "before 4.2.5-4396" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Uncontrolled Search Path Element (CWE-427)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-08-30T00:00:00", + "ID": "CVE-2017-11158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Station Drive", + "version": { + "version_data": [ + { + "version_value": "before 4.2.5-4396" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Drive before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) shfolder.dll, (2) ntmarta.dll, (3) secur32.dll or (4) dwmapi.dll file in the current working directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Uncontrolled Search Path Element (CWE-427)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_51_Cloud_Station_Drive" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11218.json b/2017/11xxx/CVE-2017-11218.json index 08a9f110db4..cd0c6777d1e 100644 --- a/2017/11xxx/CVE-2017-11218.json +++ b/2017/11xxx/CVE-2017-11218.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100182" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100182" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11779.json b/2017/11xxx/CVE-2017-11779.json index ec871716d9c..c9bab6345f8 100644 --- a/2017/11xxx/CVE-2017-11779.json +++ b/2017/11xxx/CVE-2017-11779.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Domain Name System (DNS)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka \"Windows DNSAPI Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Domain Name System (DNS)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779" - }, - { - "name" : "101166", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101166" - }, - { - "name" : "1039533", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka \"Windows DNSAPI Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101166", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101166" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11779" + }, + { + "name": "1039533", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039533" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11817.json b/2017/11xxx/CVE-2017-11817.json index f3e4faf4a64..120c90a80e4 100644 --- a/2017/11xxx/CVE-2017-11817.json +++ b/2017/11xxx/CVE-2017-11817.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka \"Windows Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Kernel", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11817", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11817" - }, - { - "name" : "101095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101095" - }, - { - "name" : "1039526", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka \"Windows Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039526", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039526" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11817", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11817" + }, + { + "name": "101095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101095" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11888.json b/2017/11xxx/CVE-2017-11888.json index af80fd2b3c4..be93eb9f8fb 100644 --- a/2017/11xxx/CVE-2017-11888.json +++ b/2017/11xxx/CVE-2017-11888.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888" - }, - { - "name" : "102065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102065" - }, - { - "name" : "1039990", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039990", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039990" + }, + { + "name": "102065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102065" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11888" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15815.json b/2017/15xxx/CVE-2017-15815.json index c9b05a87c7a..e726922ab46 100644 --- a/2017/15xxx/CVE-2017-15815.json +++ b/2017/15xxx/CVE-2017-15815.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-15815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-15815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a5096157fd80350a0e0409e7ad96265ae60861f6", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a5096157fd80350a0e0409e7ad96265ae60861f6" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-03-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-03-01" - }, - { - "name" : "103254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a potential buffer overflow can happen when processing any 802.11 MGMT frames like Auth frame in limProcessAuthFrame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a5096157fd80350a0e0409e7ad96265ae60861f6", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a5096157fd80350a0e0409e7ad96265ae60861f6" + }, + { + "name": "https://source.android.com/security/bulletin/2018-03-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-03-01" + }, + { + "name": "103254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103254" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15896.json b/2017/15xxx/CVE-2017-15896.json index eef7c04c59f..07127d830e5 100644 --- a/2017/15xxx/CVE-2017-15896.json +++ b/2017/15xxx/CVE-2017-15896.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-request@iojs.org", - "DATE_PUBLIC" : "2017-12-07T00:00:00", - "ID" : "CVE-2017-15896", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Node.js", - "version" : { - "version_data" : [ - { - "version_value" : "4.0.0 and higher" - }, - { - "version_value" : "6.0.0 and higher" - }, - { - "version_value" : "8.0.0 and higher" - }, - { - "version_value" : "9.0.0 and higher" - } - ] - } - } - ] - }, - "vendor_name" : "The Node.js Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Data Confidentiality/Integrity" - } + "CVE_data_meta": { + "ASSIGNER": "cve-request@iojs.org", + "DATE_PUBLIC": "2017-12-07T00:00:00", + "ID": "CVE-2017-15896", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "4.0.0 and higher" + }, + { + "version_value": "6.0.0 and higher" + }, + { + "version_value": "8.0.0 and higher" + }, + { + "version_value": "9.0.0 and higher" + } + ] + } + } + ] + }, + "vendor_name": "The Node.js Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentication and encryption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Data Confidentiality/Integrity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15956.json b/2017/15xxx/CVE-2017-15956.json index 407617f6fae..10d25f9a2ca 100644 --- a/2017/15xxx/CVE-2017-15956.json +++ b/2017/15xxx/CVE-2017-15956.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144456/ConverTo-Video-Downloader-And-Converter-1.4.1-Arbitrary-File-Download.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3033.json b/2017/3xxx/CVE-2017-3033.json index 4155121346e..a80e50733c8 100644 --- a/2017/3xxx/CVE-2017-3033.json +++ b/2017/3xxx/CVE-2017-3033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97554" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97554" + }, + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3625.json b/2017/3xxx/CVE-2017-3625.json index 4c51d04d0e9..5c29cfb9aae 100644 --- a/2017/3xxx/CVE-2017-3625.json +++ b/2017/3xxx/CVE-2017-3625.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Content", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.7" - }, - { - "version_affected" : "=", - "version_value" : "11.1.1.9" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Content", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.7" + }, + { + "version_affected": "=", + "version_value": "11.1.1.9" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97769", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97769" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97769", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97769" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3666.json b/2017/3xxx/CVE-2017-3666.json index 705f997ac1e..225cff32cfb 100644 --- a/2017/3xxx/CVE-2017-3666.json +++ b/2017/3xxx/CVE-2017-3666.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3666", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3666", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3965.json b/2017/3xxx/CVE-2017-3965.json index 15fe47943e0..ccb62781dfa 100644 --- a/2017/3xxx/CVE-2017-3965.json +++ b/2017/3xxx/CVE-2017-3965.json @@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "DATE_PUBLIC" : "2017-03-29T17:00:00.000Z", - "ID" : "CVE-2017-3965", - "STATE" : "PUBLIC", - "TITLE" : "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Security Management (NSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "8.2", - "version_value" : "8.2.7.42.2" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 8.8, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "DATE_PUBLIC": "2017-03-29T17:00:00.000Z", + "ID": "CVE-2017-3965", + "STATE": "PUBLIC", + "TITLE": "SB10192 - Network Security Management (NSM) - Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Security Management (NSM)", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "8.2", + "version_value": "8.2.7.42.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" - } - ] - }, - "source" : { - "advisory" : "SB10192", - "discovery" : "EXTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" + } + ] + }, + "source": { + "advisory": "SB10192", + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8375.json b/2017/8xxx/CVE-2017-8375.json index 48738d8e497..50e26c163bb 100644 --- a/2017/8xxx/CVE-2017-8375.json +++ b/2017/8xxx/CVE-2017-8375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8391.json b/2017/8xxx/CVE-2017-8391.json index 67ee89d844b..06aa09ec5e4 100644 --- a/2017/8xxx/CVE-2017-8391.json +++ b/2017/8xxx/CVE-2017-8391.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html", - "refsource" : "CONFIRM", - "url" : "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html" - }, - { - "name" : "98344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98344" - }, - { - "name" : "1038410", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The OS Installation Management component in CA Client Automation r12.9, r14.0, and r14.0 SP1 places an encrypted password into a readable local file during operating system installation, which allows local users to obtain sensitive information by reading this file after operating system installation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038410", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038410" + }, + { + "name": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html", + "refsource": "CONFIRM", + "url": "https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170504-01-security-notice-for-ca-client-automation-os-installation-mgmt.html" + }, + { + "name": "98344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98344" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8398.json b/2017/8xxx/CVE-2017-8398.json index b185fd34103..6d599ebfe99 100644 --- a/2017/8xxx/CVE-2017-8398.json +++ b/2017/8xxx/CVE-2017-8398.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21438", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" - }, - { - "name" : "GLSA-201709-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 during dumping of debug information from a corrupt binary. This vulnerability causes programs that conduct an analysis of binary programs, such as objdump and readelf, to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-02" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21438", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21438" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8914.json b/2017/8xxx/CVE-2017-8914.json index 79ed172a90c..5f60e862125 100644 --- a/2017/8xxx/CVE-2017-8914.json +++ b/2017/8xxx/CVE-2017-8914.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/" - }, - { - "name" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/", - "refsource" : "MISC", - "url" : "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/" - }, - { - "name" : "96206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers to hijack npm packages or host arbitrary files by leveraging an insecure user creation policy, aka SAP Security Note 2407694." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96206" + }, + { + "name": "https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-009-sap-hana-sinopia-default-user-creation-policy-insecure/" + }, + { + "name": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/", + "refsource": "MISC", + "url": "https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10367.json b/2018/10xxx/CVE-2018-10367.json index 2fc2247fdb7..0a68533d076 100644 --- a/2018/10xxx/CVE-2018-10367.json +++ b/2018/10xxx/CVE-2018-10367.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/135", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/135", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/135" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10399.json b/2018/10xxx/CVE-2018-10399.json index 135e9b3a3d5..94a074413bf 100644 --- a/2018/10xxx/CVE-2018-10399.json +++ b/2018/10xxx/CVE-2018-10399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10674.json b/2018/10xxx/CVE-2018-10674.json index b7ae35f2c07..864cfcc61db 100644 --- a/2018/10xxx/CVE-2018-10674.json +++ b/2018/10xxx/CVE-2018-10674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10674", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10674", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12331.json b/2018/12xxx/CVE-2018-12331.json index ea3b6858cb6..140a9571114 100644 --- a/2018/12xxx/CVE-2018-12331.json +++ b/2018/12xxx/CVE-2018-12331.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12331", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12331", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", - "refsource" : "MISC", - "url" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during \"Easy Enrollment.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html", + "refsource": "MISC", + "url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12401.json b/2018/12xxx/CVE-2018-12401.json index 665616b9c2c..2fe1bd2991c 100644 --- a/2018/12xxx/CVE-2018-12401.json +++ b/2018/12xxx/CVE-2018-12401.json @@ -1,83 +1,83 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOS attack through special resource URI parsing" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1422456", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1422456" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "105721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105721" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOS attack through special resource URI parsing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422456", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1422456" + }, + { + "name": "105721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105721" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12584.json b/2018/12xxx/CVE-2018-12584.json index 9fbf6d868ef..2014133b755 100644 --- a/2018/12xxx/CVE-2018-12584.json +++ b/2018/12xxx/CVE-2018-12584.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180808 [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2018/Aug/14" - }, - { - "name" : "45174", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45174/" - }, - { - "name" : "[debian-lts-announce] 20180724 [SECURITY] [DLA 1439-1] resiprocate security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html" - }, - { - "name" : "http://joachimdezutter.webredirect.org/advisory.html", - "refsource" : "MISC", - "url" : "http://joachimdezutter.webredirect.org/advisory.html" - }, - { - "name" : "https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html" - }, - { - "name" : "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608", - "refsource" : "CONFIRM", - "url" : "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45174", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45174/" + }, + { + "name": "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608", + "refsource": "CONFIRM", + "url": "https://github.com/resiprocate/resiprocate/commit/2cb291191c93c7c4e371e22cb89805a5b31d6608" + }, + { + "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1439-1] resiprocate security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00031.html" + }, + { + "name": "20180808 [CVE-2018-12584] Heap overflow vulnerability in reSIProcate through 1.10.2", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2018/Aug/14" + }, + { + "name": "https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/148856/reSIProcate-1.10.2-Heap-Overflow.html" + }, + { + "name": "http://joachimdezutter.webredirect.org/advisory.html", + "refsource": "MISC", + "url": "http://joachimdezutter.webredirect.org/advisory.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12684.json b/2018/12xxx/CVE-2018-12684.json index 690d84260dc..081a4a8985d 100644 --- a/2018/12xxx/CVE-2018-12684.json +++ b/2018/12xxx/CVE-2018-12684.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552", - "refsource" : "MISC", - "url" : "https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552" - }, - { - "name" : "https://github.com/civetweb/civetweb/issues/633", - "refsource" : "MISC", - "url" : "https://github.com/civetweb/civetweb/issues/633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/civetweb/civetweb/issues/633", + "refsource": "MISC", + "url": "https://github.com/civetweb/civetweb/issues/633" + }, + { + "name": "https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552", + "refsource": "MISC", + "url": "https://github.com/civetweb/civetweb/commit/8fd069f6dedb064339f1091069ac96f3f8bdb552" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12701.json b/2018/12xxx/CVE-2018-12701.json index 1fe8e772fb5..50a31c265c4 100644 --- a/2018/12xxx/CVE-2018-12701.json +++ b/2018/12xxx/CVE-2018-12701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12710.json b/2018/12xxx/CVE-2018-12710.json index 3b81d5dad1c..1ef9b88f0d5 100644 --- a/2018/12xxx/CVE-2018-12710.json +++ b/2018/12xxx/CVE-2018-12710.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only \"User\" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain \"Admin\" rights due to the admin password being displayed in XML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45306", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45306/" - }, - { - "name" : "20180827 CVE-2018-12710", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/45" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only \"User\" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain \"Admin\" rights due to the admin password being displayed in XML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180827 CVE-2018-12710", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/45" + }, + { + "name": "45306", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45306/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12945.json b/2018/12xxx/CVE-2018-12945.json index 7169fb4d71c..6936ce9b340 100644 --- a/2018/12xxx/CVE-2018-12945.json +++ b/2018/12xxx/CVE-2018-12945.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13171.json b/2018/13xxx/CVE-2018-13171.json index 29ed1081c3a..4d9b8657b9f 100644 --- a/2018/13xxx/CVE-2018-13171.json +++ b/2018/13xxx/CVE-2018-13171.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for LadaToken (LDT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LadaToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13238.json b/2018/13xxx/CVE-2018-13238.json index 72a095b3f09..30e24e18889 100644 --- a/2018/13xxx/CVE-2018-13238.json +++ b/2018/13xxx/CVE-2018-13238.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13238", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13238", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13488.json b/2018/13xxx/CVE-2018-13488.json index 6da56c5a803..1344dff589e 100644 --- a/2018/13xxx/CVE-2018-13488.json +++ b/2018/13xxx/CVE-2018-13488.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CAST", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CAST" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Crypto Alley Shares (CAST), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CAST", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CAST" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13972.json b/2018/13xxx/CVE-2018-13972.json index 7179a09df2f..10ddda5104a 100644 --- a/2018/13xxx/CVE-2018-13972.json +++ b/2018/13xxx/CVE-2018-13972.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13972", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13972", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16727.json b/2018/16xxx/CVE-2018-16727.json index 74e2a33965e..f3a7073b69f 100644 --- a/2018/16xxx/CVE-2018-16727.json +++ b/2018/16xxx/CVE-2018-16727.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/smiffy6969/razorCMS/issues/51", - "refsource" : "MISC", - "url" : "https://github.com/smiffy6969/razorCMS/issues/51" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/smiffy6969/razorCMS/issues/51", + "refsource": "MISC", + "url": "https://github.com/smiffy6969/razorCMS/issues/51" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17052.json b/2018/17xxx/CVE-2018-17052.json index 3f3afbf8a66..6b9cd7b9bb8 100644 --- a/2018/17xxx/CVE-2018-17052.json +++ b/2018/17xxx/CVE-2018-17052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17138.json b/2018/17xxx/CVE-2018-17138.json index f9e07000ee2..7281ce48dd3 100644 --- a/2018/17xxx/CVE-2018-17138.json +++ b/2018/17xxx/CVE-2018-17138.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45305", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45305/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45305", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45305/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17426.json b/2018/17xxx/CVE-2018-17426.json index 49f91475424..267ea8d490e 100644 --- a/2018/17xxx/CVE-2018-17426.json +++ b/2018/17xxx/CVE-2018-17426.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WUZHI CMS 4.1.0 has stored XSS via the \"Extension module\" \"SMS in station\" field under the index.php?m=core URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/154", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WUZHI CMS 4.1.0 has stored XSS via the \"Extension module\" \"SMS in station\" field under the index.php?m=core URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/154", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/154" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17477.json b/2018/17xxx/CVE-2018-17477.json index 2346fa6c418..b8fca460798 100644 --- a/2018/17xxx/CVE-2018-17477.json +++ b/2018/17xxx/CVE-2018-17477.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-17477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : " 70.0.3538.67" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect security UI" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-17477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": " 70.0.3538.67" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/863703", - "refsource" : "MISC", - "url" : "https://crbug.com/863703" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4330", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4330" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:3004", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3004" - }, - { - "name" : "105666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect dialog placement in Extensions in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of extension popups via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect security UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4330", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4330" + }, + { + "name": "RHSA-2018:3004", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3004" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://crbug.com/863703", + "refsource": "MISC", + "url": "https://crbug.com/863703" + }, + { + "name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html" + }, + { + "name": "105666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105666" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17726.json b/2018/17xxx/CVE-2018-17726.json index 1682ceaf180..31a6d5987ef 100644 --- a/2018/17xxx/CVE-2018-17726.json +++ b/2018/17xxx/CVE-2018-17726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17981.json b/2018/17xxx/CVE-2018-17981.json index bf02d6f0de1..8f3d169dd9e 100644 --- a/2018/17xxx/CVE-2018-17981.json +++ b/2018/17xxx/CVE-2018-17981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17981", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17981", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file