diff --git a/2004/0xxx/CVE-2004-0090.json b/2004/0xxx/CVE-2004-0090.json index 6cbd98e88b9..00e7070ff2b 100644 --- a/2004/0xxx/CVE-2004-0090.json +++ b/2004/0xxx/CVE-2004-0090.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not \"shutdown properly,\" which has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-01-26", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" - }, - { - "name" : "ESB-2004.0072", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=3791&cid=1" - }, - { - "name" : "9504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9504" - }, - { - "name" : "10723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10723/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not \"shutdown properly,\" which has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-01-26", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" + }, + { + "name": "10723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10723/" + }, + { + "name": "9504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9504" + }, + { + "name": "ESB-2004.0072", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=3791&cid=1" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0650.json b/2004/0xxx/CVE-2004-0650.json index 3accfd36176..6d40b137c21 100644 --- a/2004/0xxx/CVE-2004-0650.json +++ b/2004/0xxx/CVE-2004-0650.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040630 Cisco Collaboration Server Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml" - }, - { - "name" : "11979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11979/" - }, - { - "name" : "VU#718896", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/718896" - }, - { - "name" : "ccs-servletexec-gain-privileges(16553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553" - }, - { - "name" : "10639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#718896", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/718896" + }, + { + "name": "20040630 Cisco Collaboration Server Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml" + }, + { + "name": "10639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10639" + }, + { + "name": "11979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11979/" + }, + { + "name": "ccs-servletexec-gain-privileges(16553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16553" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0834.json b/2004/0xxx/CVE-2004-0834.json index d04b95670c0..e1c80aa47e0 100644 --- a/2004/0xxx/CVE-2004-0834.json +++ b/2004/0xxx/CVE-2004-0834.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://speedtouch.sourceforge.net/index.php?/news.en.html", - "refsource" : "CONFIRM", - "url" : "http://speedtouch.sourceforge.net/index.php?/news.en.html" - }, - { - "name" : "http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734" - }, - { - "name" : "http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html", - "refsource" : "MISC", - "url" : "http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html" - }, - { - "name" : "speedtouch-format-string(17792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://speedtouch.sourceforge.net/index.php?/news.en.html", + "refsource": "CONFIRM", + "url": "http://speedtouch.sourceforge.net/index.php?/news.en.html" + }, + { + "name": "http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html", + "refsource": "MISC", + "url": "http://www.mail-archive.com/speedtouch@ml.free.fr/msg06688.html" + }, + { + "name": "speedtouch-format-string(17792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17792" + }, + { + "name": "http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0852.json b/2004/0xxx/CVE-2004-0852.json index 8e2b296b138..b06347e2155 100644 --- a/2004/0xxx/CVE-2004-0852.json +++ b/2004/0xxx/CVE-2004-0852.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-611", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-611" - }, - { - "name" : "13579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13579" - }, - { - "name" : "htget-bo(18603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13579" + }, + { + "name": "DSA-611", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-611" + }, + { + "name": "htget-bo(18603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18603" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0957.json b/2004/0xxx/CVE-2004-0957.json index a1aed01507e..75198ef7b14 100644 --- a/2004/0xxx/CVE-2004-0957.json +++ b/2004/0xxx/CVE-2004-0957.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a \"_\" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2005:947", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947" - }, - { - "name" : "DSA-707", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-707" - }, - { - "name" : "MDKSA-2005:070", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:070" - }, - { - "name" : "RHSA-2004:597", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-597.html" - }, - { - "name" : "RHSA-2004:611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-611.html" - }, - { - "name" : "USN-32-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-32-1/" - }, - { - "name" : "P-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-018.shtml" - }, - { - "name" : "mysql-underscore-gain-priv(17783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a \"_\" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysql-underscore-gain-priv(17783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17783" + }, + { + "name": "CLA-2005:947", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947" + }, + { + "name": "RHSA-2004:611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-611.html" + }, + { + "name": "DSA-707", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-707" + }, + { + "name": "MDKSA-2005:070", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:070" + }, + { + "name": "USN-32-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-32-1/" + }, + { + "name": "RHSA-2004:597", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-597.html" + }, + { + "name": "P-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-018.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1361.json b/2004/1xxx/CVE-2004-1361.json index ae76c1e4e33..eb1c1483ee1 100644 --- a/2004/1xxx/CVE-2004-1361.json +++ b/2004/1xxx/CVE-2004-1361.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110383690219440&w=2" - }, - { - "name" : "http://www.xfocus.net/flashsky/icoExp/", - "refsource" : "MISC", - "url" : "http://www.xfocus.net/flashsky/icoExp/" - }, - { - "name" : "12091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12091" - }, - { - "name" : "win-winhlp32-bo(18678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12091" + }, + { + "name": "http://www.xfocus.net/flashsky/icoExp/", + "refsource": "MISC", + "url": "http://www.xfocus.net/flashsky/icoExp/" + }, + { + "name": "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110383690219440&w=2" + }, + { + "name": "win-winhlp32-bo(18678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1904.json b/2004/1xxx/CVE-2004-1904.json index cefc17656f5..714a3e227ef 100644 --- a/2004/1xxx/CVE-2004-1904.json +++ b/2004/1xxx/CVE-2004-1904.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1904", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1904", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108130573130482&w=2" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory53.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory53.txt" - }, - { - "name" : "10065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10065" - }, - { - "name" : "11312", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11312" - }, - { - "name" : "panda-activescan-ascontrol-bo(15764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108130573130482&w=2" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory53.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory53.txt" + }, + { + "name": "panda-activescan-ascontrol-bo(15764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15764" + }, + { + "name": "10065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10065" + }, + { + "name": "11312", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11312" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3101.json b/2008/3xxx/CVE-2008-3101.json index dfe2d8b44d4..78ce3e41f4e 100644 --- a/2008/3xxx/CVE-2008-3101.json +++ b/2008/3xxx/CVE-2008-3101.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3101", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3101", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495885/100/0/threaded" - }, - { - "name" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html", - "refsource" : "MISC", - "url" : "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html" - }, - { - "name" : "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5", - "refsource" : "MISC", - "url" : "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5" - }, - { - "name" : "30951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30951" - }, - { - "name" : "ADV-2008-2471", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2471" - }, - { - "name" : "31679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31679" - }, - { - "name" : "4208", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4208" - }, - { - "name" : "vtigercrm-index-xss(44792)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30951" + }, + { + "name": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html", + "refsource": "MISC", + "url": "http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html" + }, + { + "name": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5", + "refsource": "MISC", + "url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5" + }, + { + "name": "vtigercrm-index-xss(44792)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792" + }, + { + "name": "4208", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4208" + }, + { + "name": "ADV-2008-2471", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2471" + }, + { + "name": "31679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31679" + }, + { + "name": "20080901 Multiple Cross Site Scripting (XSS) Vulnerabilities in vtigerCRM 5.0.4, CVE-2008-3101", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3861.json b/2008/3xxx/CVE-2008-3861.json index 88664c50804..10682ff7d4c 100644 --- a/2008/3xxx/CVE-2008-3861.json +++ b/2008/3xxx/CVE-2008-3861.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6320", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6320" - }, - { - "name" : "30862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30862" - }, - { - "name" : "31613", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31613" - }, - { - "name" : "4198", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4198" - }, - { - "name" : "phpmyrealty-pages-search-sql-injection(44720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4198", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4198" + }, + { + "name": "phpmyrealty-pages-search-sql-injection(44720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44720" + }, + { + "name": "31613", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31613" + }, + { + "name": "6320", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6320" + }, + { + "name": "30862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30862" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3923.json b/2008/3xxx/CVE-2008-3923.json index edc22c9ea4c..56a26816fa6 100644 --- a/2008/3xxx/CVE-2008-3923.json +++ b/2008/3xxx/CVE-2008-3923.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6313", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6313" - }, - { - "name" : "30854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30854" - }, - { - "name" : "31599", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31599" - }, - { - "name" : "4220", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4220" - }, - { - "name" : "cmme-statistics-xss(44685)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31599", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31599" + }, + { + "name": "30854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30854" + }, + { + "name": "4220", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4220" + }, + { + "name": "6313", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6313" + }, + { + "name": "cmme-statistics-xss(44685)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44685" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4009.json b/2008/4xxx/CVE-2008-4009.json index c14c5d16c4e..81c8889951d 100644 --- a/2008/4xxx/CVE-2008-4009.json +++ b/2008/4xxx/CVE-2008-4009.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-4009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "https://support.bea.com/application_content/product_portlets/securityadvisories/2802.html", - "refsource" : "CONFIRM", - "url" : "https://support.bea.com/application_content/product_portlets/securityadvisories/2802.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021056", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021056" - }, - { - "name" : "32304", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32304" - }, - { - "name" : "oracle-weblogic-authorizer-unauth-access(45908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.1, when configuring multiple authorizers, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-weblogic-authorizer-unauth-access(45908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45908" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "https://support.bea.com/application_content/product_portlets/securityadvisories/2802.html", + "refsource": "CONFIRM", + "url": "https://support.bea.com/application_content/product_portlets/securityadvisories/2802.html" + }, + { + "name": "1021056", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021056" + }, + { + "name": "32304", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32304" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4114.json b/2008/4xxx/CVE-2008-4114.json index c8fd1b7e44d..ed447689f7a 100644 --- a/2008/4xxx/CVE-2008-4114.json +++ b/2008/4xxx/CVE-2008-4114.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \"insufficiently validating the buffer size,\" as demonstrated by a request to the \\PIPE\\lsarpc named pipe, aka \"SMB Validation Denial of Service Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496354/100/0/threaded" - }, - { - "name" : "6463", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6463" - }, - { - "name" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1", - "refsource" : "MISC", - "url" : "http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1" - }, - { - "name" : "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm", - "refsource" : "MISC", - "url" : "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm" - }, - { - "name" : "MS09-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001" - }, - { - "name" : "TA09-013A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-013A.html" - }, - { - "name" : "31179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31179" - }, - { - "name" : "oval:org.mitre.oval:def:5262", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262" - }, - { - "name" : "oval:org.mitre.oval:def:6044", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044" - }, - { - "name" : "ADV-2008-2583", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2583" - }, - { - "name" : "1020887", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020887" - }, - { - "name" : "31883", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31883" - }, - { - "name" : "win-writeandx-dos(45146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to \"insufficiently validating the buffer size,\" as demonstrated by a request to the \\PIPE\\lsarpc named pipe, aka \"SMB Validation Denial of Service Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6044", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6044" + }, + { + "name": "6463", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6463" + }, + { + "name": "31179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31179" + }, + { + "name": "MS09-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-001" + }, + { + "name": "31883", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31883" + }, + { + "name": "ADV-2008-2583", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2583" + }, + { + "name": "TA09-013A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-013A.html" + }, + { + "name": "win-writeandx-dos(45146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45146" + }, + { + "name": "1020887", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020887" + }, + { + "name": "oval:org.mitre.oval:def:5262", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5262" + }, + { + "name": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm", + "refsource": "MISC", + "url": "http://www.vallejo.cc/proyectos/vista_SMB_write_DoS.htm" + }, + { + "name": "http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1", + "refsource": "MISC", + "url": "http://www.reversemode.com/index.php?option=com_content&task=view&id=54&Itemid=1" + }, + { + "name": "20080914 Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496354/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4310.json b/2008/4xxx/CVE-2008-4310.json index a1be1905fb6..178a15036dc 100644 --- a/2008/4xxx/CVE-2008-4310.json +++ b/2008/4xxx/CVE-2008-4310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-4310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/12/04/2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=470252", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=470252" - }, - { - "name" : "RHSA-2008:0981", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0981.html" - }, - { - "name" : "oval:org.mitre.oval:def:10250", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250" - }, - { - "name" : "33013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2008:0981", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0981.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=470252", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=470252" + }, + { + "name": "oval:org.mitre.oval:def:10250", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250" + }, + { + "name": "[oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/12/04/2" + }, + { + "name": "33013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33013" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4573.json b/2008/4xxx/CVE-2008-4573.json index b298841a5f5..5a73bb6e2f5 100644 --- a/2008/4xxx/CVE-2008-4573.json +++ b/2008/4xxx/CVE-2008-4573.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6725", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6725" - }, - { - "name" : "31713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31713" - }, - { - "name" : "32238", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32238" - }, - { - "name" : "4420", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4420" - }, - { - "name" : "wepportalw3-kategori-sql-injection(45817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32238", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32238" + }, + { + "name": "6725", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6725" + }, + { + "name": "31713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31713" + }, + { + "name": "wepportalw3-kategori-sql-injection(45817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45817" + }, + { + "name": "4420", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4420" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4638.json b/2008/4xxx/CVE-2008-4638.json index 5344d18b01a..96c75ae8ac1 100644 --- a/2008/4xxx/CVE-2008-4638.json +++ b/2008/4xxx/CVE-2008-4638.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081022 SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497675/100/0/threaded" - }, - { - "name" : "http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt", - "refsource" : "MISC", - "url" : "http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt" - }, - { - "name" : "http://seer.entsupport.symantec.com/docs/310872.htm", - "refsource" : "CONFIRM", - "url" : "http://seer.entsupport.symantec.com/docs/310872.htm" - }, - { - "name" : "http://www.symantec.com/avcenter/security/Content/2008.10.20.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.10.20.html" - }, - { - "name" : "31679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31679" - }, - { - "name" : "ADV-2008-2875", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2875" - }, - { - "name" : "symantec-vxfs-qioadmin-info-disclosure(46009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seer.entsupport.symantec.com/docs/310872.htm", + "refsource": "CONFIRM", + "url": "http://seer.entsupport.symantec.com/docs/310872.htm" + }, + { + "name": "20081022 SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497675/100/0/threaded" + }, + { + "name": "symantec-vxfs-qioadmin-info-disclosure(46009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46009" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.10.20.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.10.20.html" + }, + { + "name": "ADV-2008-2875", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2875" + }, + { + "name": "31679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31679" + }, + { + "name": "http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt", + "refsource": "MISC", + "url": "http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6059.json b/2008/6xxx/CVE-2008-6059.json index b957e46d63f..e2ba9537df3 100644 --- a/2008/6xxx/CVE-2008-6059.json +++ b/2008/6xxx/CVE-2008-6059.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp", - "refsource" : "CONFIRM", - "url" : "http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp" - }, - { - "name" : "https://bugs.webkit.org/show_bug.cgi?id=10957", - "refsource" : "CONFIRM", - "url" : "https://bugs.webkit.org/show_bug.cgi?id=10957" - }, - { - "name" : "33804", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33804" - }, - { - "name" : "webkit-xmlhttprequest-info-disclosure(48575)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.webkit.org/show_bug.cgi?id=10957", + "refsource": "CONFIRM", + "url": "https://bugs.webkit.org/show_bug.cgi?id=10957" + }, + { + "name": "http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp", + "refsource": "CONFIRM", + "url": "http://trac.webkit.org/changeset/38566/trunk/WebCore/xml/XMLHttpRequest.cpp" + }, + { + "name": "33804", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33804" + }, + { + "name": "webkit-xmlhttprequest-info-disclosure(48575)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48575" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6098.json b/2008/6xxx/CVE-2008-6098.json index b54abc14087..274d3a739b3 100644 --- a/2008/6xxx/CVE-2008-6098.json +++ b/2008/6xxx/CVE-2008-6098.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to \"approve.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-6098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugzilla.org/security/2.20.6/", - "refsource" : "CONFIRM", - "url" : "http://www.bugzilla.org/security/2.20.6/" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449931", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=449931" - }, - { - "name" : "FEDORA-2009-2417", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" - }, - { - "name" : "FEDORA-2009-2418", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" - }, - { - "name" : "32178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32178" - }, - { - "name" : "32501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32501" - }, - { - "name" : "34361", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34361" - }, - { - "name" : "bugzilla-quips-security-bypass(46424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the action parameter set to \"approve.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=449931", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=449931" + }, + { + "name": "FEDORA-2009-2418", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html" + }, + { + "name": "FEDORA-2009-2417", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html" + }, + { + "name": "bugzilla-quips-security-bypass(46424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46424" + }, + { + "name": "32178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32178" + }, + { + "name": "32501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32501" + }, + { + "name": "http://www.bugzilla.org/security/2.20.6/", + "refsource": "CONFIRM", + "url": "http://www.bugzilla.org/security/2.20.6/" + }, + { + "name": "34361", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34361" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6402.json b/2008/6xxx/CVE-2008-6402.json index ca77fe18c5b..d4dd2a4e050 100644 --- a/2008/6xxx/CVE-2008-6402.json +++ b/2008/6xxx/CVE-2008-6402.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6539", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6539" - }, - { - "name" : "31341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31341" - }, - { - "name" : "sofiwebgui-modstart-file-include(45380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6539", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6539" + }, + { + "name": "31341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31341" + }, + { + "name": "sofiwebgui-modstart-file-include(45380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45380" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6764.json b/2008/6xxx/CVE-2008-6764.json index c6adada2423..05ab1aa839b 100644 --- a/2008/6xxx/CVE-2008-6764.json +++ b/2008/6xxx/CVE-2008-6764.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://maximilianosoler.com.ar/vulns/XSS-Silentum_LoginSys.txt", - "refsource" : "MISC", - "url" : "http://maximilianosoler.com.ar/vulns/XSS-Silentum_LoginSys.txt" - }, - { - "name" : "31055", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31055" - }, - { - "name" : "47940", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47940" - }, - { - "name" : "31801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31801" - }, - { - "name" : "silentumloginsys-login-xss(44925)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in Silentum LoginSys 1.0.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31801" + }, + { + "name": "31055", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31055" + }, + { + "name": "http://maximilianosoler.com.ar/vulns/XSS-Silentum_LoginSys.txt", + "refsource": "MISC", + "url": "http://maximilianosoler.com.ar/vulns/XSS-Silentum_LoginSys.txt" + }, + { + "name": "silentumloginsys-login-xss(44925)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44925" + }, + { + "name": "47940", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47940" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7007.json b/2008/7xxx/CVE-2008-7007.json index e683d8eb175..e13273c0ec9 100644 --- a/2008/7xxx/CVE-2008-7007.json +++ b/2008/7xxx/CVE-2008-7007.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6457", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6457" - }, - { - "name" : "31174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31174" - }, - { - "name" : "48155", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48155" - }, - { - "name" : "31850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31850" - }, - { - "name" : "freephpvx-adminname-security-bypass(45152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31174" + }, + { + "name": "6457", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6457" + }, + { + "name": "48155", + "refsource": "OSVDB", + "url": "http://osvdb.org/48155" + }, + { + "name": "31850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31850" + }, + { + "name": "freephpvx-adminname-security-bypass(45152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45152" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7116.json b/2008/7xxx/CVE-2008-7116.json index d3e8f792ee3..0fc8aa706e8 100644 --- a/2008/7xxx/CVE-2008-7116.json +++ b/2008/7xxx/CVE-2008-7116.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6339", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6339" - }, - { - "name" : "30945", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30945" - }, - { - "name" : "webid-item-admin-sql-injection(44817)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webid-item-admin-sql-injection(44817)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44817" + }, + { + "name": "6339", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6339" + }, + { + "name": "30945", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30945" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7279.json b/2008/7xxx/CVE-2008-7279.json index 6c03cf1f382..5840a154c9d 100644 --- a/2008/7xxx/CVE-2008-7279.json +++ b/2008/7xxx/CVE-2008-7279.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=3103", - "refsource" : "CONFIRM", - "url" : "http://bugs.otrs.org/show_bug.cgi?id=3103" - }, - { - "name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", - "refsource" : "CONFIRM", - "url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=3103", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=3103" + }, + { + "name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", + "refsource": "CONFIRM", + "url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2453.json b/2013/2xxx/CVE-2013-2453.json index 4a60d236725..eb6cb4ed6f3 100644 --- a/2013/2xxx/CVE-2013-2453.json +++ b/2013/2xxx/CVE-2013-2453.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2453", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for \"package access\" by the MBeanServer Introspector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2453", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975134", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975134" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60644" - }, - { - "name" : "oval:org.mitre.oval:def:16545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16545" - }, - { - "name" : "oval:org.mitre.oval:def:19588", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19588" - }, - { - "name" : "oval:org.mitre.oval:def:19611", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19611" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect integrity via vectors related to JMX. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to a missing check for \"package access\" by the MBeanServer Introspector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975134", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975134" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "60644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60644" + }, + { + "name": "oval:org.mitre.oval:def:19588", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19588" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032", + "refsource": "MISC", + "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c14aa930b032" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "oval:org.mitre.oval:def:16545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16545" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "oval:org.mitre.oval:def:19611", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19611" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2661.json b/2013/2xxx/CVE-2013-2661.json index 1d58d65984b..d61b4e1ebce 100644 --- a/2013/2xxx/CVE-2013-2661.json +++ b/2013/2xxx/CVE-2013-2661.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2943.json b/2013/2xxx/CVE-2013-2943.json index dba3278b847..67fad7bdf71 100644 --- a/2013/2xxx/CVE-2013-2943.json +++ b/2013/2xxx/CVE-2013-2943.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2943", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2943", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2953.json b/2013/2xxx/CVE-2013-2953.json index 5f1a6f8e9a0..28538d41dff 100644 --- a/2013/2xxx/CVE-2013-2953.json +++ b/2013/2xxx/CVE-2013-2953.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2953", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2013-2953", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637444", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21637444" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 relies on the MD5 algorithm for signatures in X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof SSL servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21637444", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21637444" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11113.json b/2017/11xxx/CVE-2017-11113.json index c831894950b..393bd8fefa5 100644 --- a/2017/11xxx/CVE-2017-11113.json +++ b/2017/11xxx/CVE-2017-11113.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1464691" - }, - { - "name" : "GLSA-201804-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-13" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201804-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-13" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1464691", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1464691" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11348.json b/2017/11xxx/CVE-2017-11348.json index ae078e37f56..1fffee7c561 100644 --- a/2017/11xxx/CVE-2017-11348.json +++ b/2017/11xxx/CVE-2017-11348.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/3654", - "refsource" : "CONFIRM", - "url" : "https://github.com/OctopusDeploy/Issues/issues/3654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/3654", + "refsource": "CONFIRM", + "url": "https://github.com/OctopusDeploy/Issues/issues/3654" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11376.json b/2017/11xxx/CVE-2017-11376.json index a051c489fa4..8f9e6565521 100644 --- a/2017/11xxx/CVE-2017-11376.json +++ b/2017/11xxx/CVE-2017-11376.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11498.json b/2017/11xxx/CVE-2017-11498.json index 41d723ca014..12473c46856 100644 --- a/2017/11xxx/CVE-2017-11498.json +++ b/2017/11xxx/CVE-2017-11498.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01" - }, - { - "name" : "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", - "refsource" : "MISC", - "url" : "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" - }, - { - "name" : "102739", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102739" - }, - { - "name" : "102906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-093-01" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf" + }, + { + "name": "102906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102906" + }, + { + "name": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx", + "refsource": "MISC", + "url": "https://www.iotvillage.org/slides_dc25/Sergey_Vlad_DEFCON_IOT_Village_Public2017.pptx" + }, + { + "name": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/2017/07/28/klcert-17-001-sentinel-ldk-rte-language-pack-with-invalid-html-files-leads-to-denial-of-service/" + }, + { + "name": "102739", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102739" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-018-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11598.json b/2017/11xxx/CVE-2017-11598.json index 09f6340fd84..0f767328848 100644 --- a/2017/11xxx/CVE-2017-11598.json +++ b/2017/11xxx/CVE-2017-11598.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11598", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11598", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14228.json b/2017/14xxx/CVE-2017-14228.json index 137d813eda7..9332370ab70 100644 --- a/2017/14xxx/CVE-2017-14228.json +++ b/2017/14xxx/CVE-2017-14228.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14228", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392423" - }, - { - "name" : "USN-3694-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3694-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392423" + }, + { + "name": "USN-3694-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3694-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14396.json b/2017/14xxx/CVE-2017-14396.json index ea59f998323..a7e27ea72ca 100644 --- a/2017/14xxx/CVE-2017-14396.json +++ b/2017/14xxx/CVE-2017-14396.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.osticket.com/blog/125", - "refsource" : "CONFIRM", - "url" : "http://www.osticket.com/blog/125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.osticket.com/blog/125", + "refsource": "CONFIRM", + "url": "http://www.osticket.com/blog/125" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14546.json b/2017/14xxx/CVE-2017-14546.json index 2ee40b6bc2a..6955d9c2bed 100644 --- a/2017/14xxx/CVE-2017-14546.json +++ b/2017/14xxx/CVE-2017-14546.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an \"Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14546", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an \"Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14546", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14546" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14900.json b/2017/14xxx/CVE-2017-14900.json index 26d69a57dcf..d5ec9947212 100644 --- a/2017/14xxx/CVE-2017-14900.json +++ b/2017/14xxx/CVE-2017-14900.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-14900", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overrun vulnerability in get chain RSSI vendor command" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-14900", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_MAC_ADDR contains fewer than 6 bytes, a buffer overrun occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overrun vulnerability in get chain RSSI vendor command" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15329.json b/2017/15xxx/CVE-2017-15329.json index 61719ba9867..d3cc5455300 100644 --- a/2017/15xxx/CVE-2017-15329.json +++ b/2017/15xxx/CVE-2017-15329.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "ID" : "CVE-2017-15329", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UMA", - "version" : { - "version_data" : [ - { - "version_value" : "V200R001C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "ID": "CVE-2017-15329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UMA", + "version": { + "version_data": [ + { + "version_value": "V200R001C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15529.json b/2017/15xxx/CVE-2017-15529.json index 68e7fade47d..925b78c1cfc 100644 --- a/2017/15xxx/CVE-2017-15529.json +++ b/2017/15xxx/CVE-2017-15529.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2017-12-13T00:00:00", - "ID" : "CVE-2017-15529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Norton Family Android App", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 4.4.1.10" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2017-12-13T00:00:00", + "ID": "CVE-2017-15529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton Family Android App", + "version": { + "version_data": [ + { + "version_value": "Prior to 4.4.1.10" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00", - "refsource" : "CONFIRM", - "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00" - }, - { - "name" : "102119", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Prior to 4.4.1.10, the Norton Family Android App can be susceptible to a Denial of Service (DoS) exploit. A DoS attack is a type of attack whereby the perpetrator attempts to make a particular device unavailable to its intended user by temporarily or indefinitely disrupting services of a specific host within a network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102119", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102119" + }, + { + "name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00", + "refsource": "CONFIRM", + "url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171213_00" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15940.json b/2017/15xxx/CVE-2017-15940.json index b2fb1bfc9e6..e2d8916a2c6 100644 --- a/2017/15xxx/CVE-2017-15940.json +++ b/2017/15xxx/CVE-2017-15940.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/105", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/105" - }, - { - "name" : "102076", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102076" - }, - { - "name" : "1040006", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface packet capture management component in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote authenticated users to execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040006", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040006" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/105", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/105" + }, + { + "name": "102076", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102076" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15961.json b/2017/15xxx/CVE-2017-15961.json index 32dfb47a32f..9ea7a2cd5dc 100644 --- a/2017/15xxx/CVE-2017-15961.json +++ b/2017/15xxx/CVE-2017-15961.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43098", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43098/" - }, - { - "name" : "https://packetstormsecurity.com/files/144432/iProject-Management-System-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144432/iProject-Management-System-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43098", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43098/" + }, + { + "name": "https://packetstormsecurity.com/files/144432/iProject-Management-System-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144432/iProject-Management-System-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9313.json b/2017/9xxx/CVE-2017-9313.json index 286d0a7a789..a8516c653a8 100644 --- a/2017/9xxx/CVE-2017-9313.json +++ b/2017/9xxx/CVE-2017-9313.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/bugtraq/2017/Jul/3", - "refsource" : "MISC", - "url" : "http://seclists.org/bugtraq/2017/Jul/3" - }, - { - "name" : "http://www.webmin.com/changes.html", - "refsource" : "MISC", - "url" : "http://www.webmin.com/changes.html" - }, - { - "name" : "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab", - "refsource" : "MISC", - "url" : "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" - }, - { - "name" : "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b", - "refsource" : "MISC", - "url" : "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" - }, - { - "name" : "99373", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99373" - }, - { - "name" : "1038814", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab", + "refsource": "MISC", + "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" + }, + { + "name": "http://seclists.org/bugtraq/2017/Jul/3", + "refsource": "MISC", + "url": "http://seclists.org/bugtraq/2017/Jul/3" + }, + { + "name": "1038814", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038814" + }, + { + "name": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b", + "refsource": "MISC", + "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" + }, + { + "name": "99373", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99373" + }, + { + "name": "http://www.webmin.com/changes.html", + "refsource": "MISC", + "url": "http://www.webmin.com/changes.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9435.json b/2017/9xxx/CVE-2017-9435.json index 67e6a1c14d4..d5b6137d6c4 100644 --- a/2017/9xxx/CVE-2017-9435.json +++ b/2017/9xxx/CVE-2017-9435.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/blob/develop/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9564.json b/2017/9xxx/CVE-2017-9564.json index 3a26447edad..0585df5563f 100644 --- a/2017/9xxx/CVE-2017-9564.json +++ b/2017/9xxx/CVE-2017-9564.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9809.json b/2017/9xxx/CVE-2017-9809.json index b7ea0f8332e..2c58631f511 100644 --- a/2017/9xxx/CVE-2017-9809.json +++ b/2017/9xxx/CVE-2017-9809.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9809", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9809", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0242.json b/2018/0xxx/CVE-2018-0242.json index db99e3e3227..a9d4318b262 100644 --- a/2018/0xxx/CVE-2018-0242.json +++ b/2018/0xxx/CVE-2018-0242.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0242", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Adaptive Security Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Adaptive Security Appliance" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Adaptive Security Appliance", + "version": { + "version_data": [ + { + "version_value": "Cisco Adaptive Security Appliance" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn" - }, - { - "name" : "103932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103932" - }, - { - "name" : "1040713", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040713" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103932" + }, + { + "name": "1040713", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040713" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0679.json b/2018/0xxx/CVE-2018-0679.json index bef7f2f7fc8..cabdb55cae7 100755 --- a/2018/0xxx/CVE-2018-0679.json +++ b/2018/0xxx/CVE-2018-0679.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-0679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)", - "version" : { - "version_data" : [ - { - "version_value" : "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions" - } - ] - } - } - ] - }, - "vendor_name" : "FXC Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-0679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)", + "version": { + "version_data": [ + { + "version_value": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions" + } + ] + } + } + ] + }, + "vendor_name": "FXC Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.fxc.jp/news/20171228.html", - "refsource" : "MISC", - "url" : "https://www.fxc.jp/news/20171228.html" - }, - { - "name" : "JVN#68528150", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN68528150/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.fxc.jp/news/20171228.html", + "refsource": "MISC", + "url": "https://www.fxc.jp/news/20171228.html" + }, + { + "name": "JVN#68528150", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN68528150/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0982.json b/2018/0xxx/CVE-2018-0982.json index 3d7cf803286..d3a1c176024 100644 --- a/2018/0xxx/CVE-2018-0982.json +++ b/2018/0xxx/CVE-2018-0982.json @@ -1,121 +1,121 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "(Server Core installation)" - } - ] - } - }, - { - "product_name" : "Windows 10", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Version 1607 for x64-based Systems" - }, - { - "version_value" : "Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Version 1703 for x64-based Systems" - }, - { - "version_value" : "Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Version 1709 for x64-based Systems" - }, - { - "version_value" : "Version 1803 for 32-bit Systems" - }, - { - "version_value" : "Version 1803 for x64-based Systems" - } - ] - } - }, - { - "product_name" : "Windows 10 Servers", - "version" : { - "version_data" : [ - { - "version_value" : "version 1709 (Server Core Installation)" - }, - { - "version_value" : "version 1803 (Server Core Installation)" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "(Server Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10", + "version": { + "version_data": [ + { + "version_value": "Version 1607 for 32-bit Systems" + }, + { + "version_value": "Version 1607 for x64-based Systems" + }, + { + "version_value": "Version 1703 for 32-bit Systems" + }, + { + "version_value": "Version 1703 for x64-based Systems" + }, + { + "version_value": "Version 1709 for 32-bit Systems" + }, + { + "version_value": "Version 1709 for x64-based Systems" + }, + { + "version_value": "Version 1803 for 32-bit Systems" + }, + { + "version_value": "Version 1803 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Servers", + "version": { + "version_data": [ + { + "version_value": "version 1709 (Server Core Installation)" + }, + { + "version_value": "version 1803 (Server Core Installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44888", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44888/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982" - }, - { - "name" : "104382", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104382" - }, - { - "name" : "1041093", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041093" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104382", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104382" + }, + { + "name": "44888", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44888/" + }, + { + "name": "1041093", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041093" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0982" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12454.json b/2018/12xxx/CVE-2018-12454.json index d259b0a48e8..5ea30c31da3 100644 --- a/2018/12xxx/CVE-2018-12454.json +++ b/2018/12xxx/CVE-2018-12454.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d", - "refsource" : "MISC", - "url" : "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). Therefore, it allows attackers to always win and get rewards." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d", + "refsource": "MISC", + "url": "https://medium.com/@jonghyk.song/attack-on-pseudo-random-number-generator-prng-used-in-1000-guess-an-ethereum-lottery-game-7b76655f953d" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12539.json b/2018/12xxx/CVE-2018-12539.json index 74c80c471ff..1105a2ab780 100644 --- a/2018/12xxx/CVE-2018-12539.json +++ b/2018/12xxx/CVE-2018-12539.json @@ -1,103 +1,103 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "emo@eclipse.org", - "ID" : "CVE-2018-12539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eclipse OpenJ9", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "0.8" - } - ] - } - } - ] - }, - "vendor_name" : "The Eclipse Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-419: Unprotected Primary Channel" - } + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2018-12539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse OpenJ9", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "0.8" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589" - }, - { - "name" : "RHSA-2018:2568", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2568" - }, - { - "name" : "RHSA-2018:2569", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2569" - }, - { - "name" : "RHSA-2018:2575", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2575" - }, - { - "name" : "RHSA-2018:2576", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2576" - }, - { - "name" : "RHSA-2018:2712", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2712" - }, - { - "name" : "RHSA-2018:2713", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2713" - }, - { - "name" : "105126", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105126" - }, - { - "name" : "1041765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-419: Unprotected Primary Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2713", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2713" + }, + { + "name": "RHSA-2018:2575", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2575" + }, + { + "name": "RHSA-2018:2576", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2576" + }, + { + "name": "RHSA-2018:2568", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2568" + }, + { + "name": "RHSA-2018:2569", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2569" + }, + { + "name": "RHSA-2018:2712", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2712" + }, + { + "name": "1041765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041765" + }, + { + "name": "105126", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105126" + }, + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=534589" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12572.json b/2018/12xxx/CVE-2018-12572.json index 50b77572835..20270c657dd 100644 --- a/2018/12xxx/CVE-2018-12572.json +++ b/2018/12xxx/CVE-2018-12572.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12572", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing the data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151590/Avast-Anti-Virus-Local-Credential-Disclosure.html" } ] } diff --git a/2018/12xxx/CVE-2018-12745.json b/2018/12xxx/CVE-2018-12745.json index 3952d5bef6b..38481d9f275 100644 --- a/2018/12xxx/CVE-2018-12745.json +++ b/2018/12xxx/CVE-2018-12745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12877.json b/2018/12xxx/CVE-2018-12877.json index bdf9578ba31..36084100352 100644 --- a/2018/12xxx/CVE-2018-12877.json +++ b/2018/12xxx/CVE-2018-12877.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12877", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105441" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105441" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12982.json b/2018/12xxx/CVE-2018-12982.json index ba0c75d81f0..576ae847587 100644 --- a/2018/12xxx/CVE-2018-12982.json +++ b/2018/12xxx/CVE-2018-12982.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1595689", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1595689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1595689", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595689" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16066.json b/2018/16xxx/CVE-2018-16066.json index 116d8ad93a5..032f1b9e1ca 100644 --- a/2018/16xxx/CVE-2018-16066.json +++ b/2018/16xxx/CVE-2018-16066.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/847570", - "refsource" : "MISC", - "url" : "https://crbug.com/847570" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4289", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4289" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2666" - }, - { - "name" : "105215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105215" + }, + { + "name": "DSA-4289", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4289" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://crbug.com/847570", + "refsource": "MISC", + "url": "https://crbug.com/847570" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16846.json b/2018/16xxx/CVE-2018-16846.json index 1f640dd70ea..898c954c61c 100644 --- a/2018/16xxx/CVE-2018-16846.json +++ b/2018/16xxx/CVE-2018-16846.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-16846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ceph", - "version" : { - "version_data" : [ - { - "version_value" : "13.2.4" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ceph", + "version": { + "version_data": [ + { + "version_value": "13.2.4" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190301 [SECURITY] [DLA 1696-1] ceph security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html" - }, - { - "name" : "https://ceph.com/releases/13-2-4-mimic-released/", - "refsource" : "MISC", - "url" : "https://ceph.com/releases/13-2-4-mimic-released/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found in Ceph versions before 13.2.4 that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16846" + }, + { + "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1696-1] ceph security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00002.html" + }, + { + "name": "https://ceph.com/releases/13-2-4-mimic-released/", + "refsource": "MISC", + "url": "https://ceph.com/releases/13-2-4-mimic-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16931.json b/2018/16xxx/CVE-2018-16931.json index 82b78ba8031..73dc131c532 100644 --- a/2018/16xxx/CVE-2018-16931.json +++ b/2018/16xxx/CVE-2018-16931.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16931", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16931", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16976.json b/2018/16xxx/CVE-2018-16976.json index 1160ffb80f6..c6b7eaa6a36 100644 --- a/2018/16xxx/CVE-2018-16976.json +++ b/2018/16xxx/CVE-2018-16976.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/908699", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/908699" - }, - { - "name" : "https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59", - "refsource" : "MISC", - "url" : "https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59" - }, - { - "name" : "https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg", - "refsource" : "MISC", - "url" : "https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59", + "refsource": "MISC", + "url": "https://github.com/sitaramc/gitolite/commit/dc13dfca8fdae5634bb0865f7e9822d2a268ed59" + }, + { + "name": "https://bugs.debian.org/908699", + "refsource": "MISC", + "url": "https://bugs.debian.org/908699" + }, + { + "name": "https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg", + "refsource": "MISC", + "url": "https://groups.google.com/forum/#!topic/gitolite-announce/WrwDTYdbfRg" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4094.json b/2018/4xxx/CVE-2018-4094.json index 6796aaaee00..286a4dbfadf 100644 --- a/2018/4xxx/CVE-2018-4094.json +++ b/2018/4xxx/CVE-2018-4094.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208462", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208462" - }, - { - "name" : "https://support.apple.com/HT208463", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208463" - }, - { - "name" : "https://support.apple.com/HT208464", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208464" - }, - { - "name" : "https://support.apple.com/HT208465", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208465" - }, - { - "name" : "102782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102782" - }, - { - "name" : "1040265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040265" - }, - { - "name" : "1040267", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208462", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208462" + }, + { + "name": "https://support.apple.com/HT208465", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208465" + }, + { + "name": "1040265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040265" + }, + { + "name": "102782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102782" + }, + { + "name": "https://support.apple.com/HT208464", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208464" + }, + { + "name": "1040267", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040267" + }, + { + "name": "https://support.apple.com/HT208463", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208463" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4284.json b/2018/4xxx/CVE-2018-4284.json index a0e54e19bc8..e9a71b0465b 100644 --- a/2018/4xxx/CVE-2018-4284.json +++ b/2018/4xxx/CVE-2018-4284.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4284", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4284", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4370.json b/2018/4xxx/CVE-2018-4370.json index 1cd50da2575..04d38b4fc96 100644 --- a/2018/4xxx/CVE-2018-4370.json +++ b/2018/4xxx/CVE-2018-4370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file