From 99610ab358f6a4e3c7edac9b492479229e3d7a4c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:28:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0158.json | 160 ++++++------- 2004/0xxx/CVE-2004-0179.json | 300 +++++++++++------------ 2004/0xxx/CVE-2004-0254.json | 140 +++++------ 2004/0xxx/CVE-2004-0326.json | 150 ++++++------ 2004/1xxx/CVE-2004-1017.json | 280 +++++++++++----------- 2004/1xxx/CVE-2004-1350.json | 210 ++++++++-------- 2004/1xxx/CVE-2004-1659.json | 150 ++++++------ 2004/2xxx/CVE-2004-2189.json | 130 +++++----- 2004/2xxx/CVE-2004-2589.json | 170 ++++++------- 2008/2xxx/CVE-2008-2020.json | 160 ++++++------- 2008/2xxx/CVE-2008-2448.json | 170 ++++++------- 2008/2xxx/CVE-2008-2701.json | 190 +++++++-------- 2008/2xxx/CVE-2008-2703.json | 180 +++++++------- 2008/2xxx/CVE-2008-2728.json | 34 +-- 2008/3xxx/CVE-2008-3086.json | 34 +-- 2008/3xxx/CVE-2008-3500.json | 160 ++++++------- 2008/3xxx/CVE-2008-3670.json | 170 ++++++------- 2008/6xxx/CVE-2008-6256.json | 150 ++++++------ 2008/6xxx/CVE-2008-6357.json | 140 +++++------ 2008/6xxx/CVE-2008-6444.json | 150 ++++++------ 2008/6xxx/CVE-2008-6726.json | 180 +++++++------- 2013/2xxx/CVE-2013-2648.json | 34 +-- 2013/2xxx/CVE-2013-2887.json | 320 ++++++++++++------------- 2017/11xxx/CVE-2017-11169.json | 120 +++++----- 2017/11xxx/CVE-2017-11504.json | 34 +-- 2017/11xxx/CVE-2017-11546.json | 120 +++++----- 2017/11xxx/CVE-2017-11636.json | 150 ++++++------ 2017/11xxx/CVE-2017-11916.json | 132 +++++----- 2017/14xxx/CVE-2017-14047.json | 34 +-- 2017/14xxx/CVE-2017-14326.json | 130 +++++----- 2017/14xxx/CVE-2017-14466.json | 122 +++++----- 2017/14xxx/CVE-2017-14491.json | 370 ++++++++++++++--------------- 2017/14xxx/CVE-2017-14726.json | 170 ++++++------- 2017/14xxx/CVE-2017-14836.json | 130 +++++----- 2017/14xxx/CVE-2017-14943.json | 120 +++++----- 2017/15xxx/CVE-2017-15564.json | 34 +-- 2017/15xxx/CVE-2017-15726.json | 34 +-- 2017/15xxx/CVE-2017-15763.json | 120 +++++----- 2017/15xxx/CVE-2017-15894.json | 128 +++++----- 2017/8xxx/CVE-2017-8155.json | 122 +++++----- 2017/8xxx/CVE-2017-8212.json | 122 +++++----- 2017/8xxx/CVE-2017-8726.json | 142 +++++------ 2017/9xxx/CVE-2017-9522.json | 120 +++++----- 2018/1000xxx/CVE-2018-1000043.json | 124 +++++----- 2018/1000xxx/CVE-2018-1000049.json | 154 ++++++------ 2018/12xxx/CVE-2018-12151.json | 122 +++++----- 2018/12xxx/CVE-2018-12289.json | 34 +-- 2018/12xxx/CVE-2018-12870.json | 140 +++++------ 2018/13xxx/CVE-2018-13520.json | 130 +++++----- 2018/13xxx/CVE-2018-13540.json | 130 +++++----- 2018/13xxx/CVE-2018-13580.json | 130 +++++----- 2018/13xxx/CVE-2018-13641.json | 130 +++++----- 2018/16xxx/CVE-2018-16710.json | 120 +++++----- 2018/16xxx/CVE-2018-16852.json | 170 ++++++------- 2018/4xxx/CVE-2018-4076.json | 34 +-- 2018/4xxx/CVE-2018-4645.json | 34 +-- 56 files changed, 3834 insertions(+), 3834 deletions(-) diff --git a/2004/0xxx/CVE-2004-0158.json b/2004/0xxx/CVE-2004-0158.json index d898b2bb00e..01c6890291b 100644 --- a/2004/0xxx/CVE-2004-0158.json +++ b/2004/0xxx/CVE-2004-0158.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040222 lbreakout2 < 2.4beta-2 local exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107755821705356&w=2" - }, - { - "name" : "DSA-445", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-445" - }, - { - "name" : "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz", - "refsource" : "CONFIRM", - "url" : "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz" - }, - { - "name" : "9712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9712" - }, - { - "name" : "breakout2-home-bo(15229)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15229" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-445", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-445" + }, + { + "name": "breakout2-home-bo(15229)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15229" + }, + { + "name": "20040222 lbreakout2 < 2.4beta-2 local exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107755821705356&w=2" + }, + { + "name": "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz", + "refsource": "CONFIRM", + "url": "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz" + }, + { + "name": "9712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9712" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0179.json b/2004/0xxx/CVE-2004-0179.json index 17297abf282..1d0e9c21bc1 100644 --- a/2004/0xxx/CVE-2004-0179.json +++ b/2004/0xxx/CVE-2004-0179.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0179", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0179", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040416 void.at - neon format string bugs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108214147022626&w=2" - }, - { - "name" : "DSA-487", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-487" - }, - { - "name" : "FEDORA-2004-1552", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1552" - }, - { - "name" : "RHSA-2004:157", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-157.html" - }, - { - "name" : "RHSA-2004:158", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-158.html" - }, - { - "name" : "RHSA-2004:159", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-159.html" - }, - { - "name" : "RHSA-2004:160", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-160.html" - }, - { - "name" : "20040404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" - }, - { - "name" : "SuSE-SA:2004:008", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html" - }, - { - "name" : "SuSE-SA:2004:009", - "refsource" : "SUSE", - "url" : "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html" - }, - { - "name" : "20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108213873203477&w=2" - }, - { - "name" : "GLSA-200405-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-01.xml" - }, - { - "name" : "GLSA-200405-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-04.xml" - }, - { - "name" : "MDKSA-2004:032", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:032" - }, - { - "name" : "10136", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10136" - }, - { - "name" : "5365", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5365" - }, - { - "name" : "oval:org.mitre.oval:def:1065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065" - }, - { - "name" : "oval:org.mitre.oval:def:10913", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913" - }, - { - "name" : "11363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10136", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10136" + }, + { + "name": "GLSA-200405-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-04.xml" + }, + { + "name": "RHSA-2004:157", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-157.html" + }, + { + "name": "20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108213873203477&w=2" + }, + { + "name": "GLSA-200405-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-01.xml" + }, + { + "name": "RHSA-2004:160", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-160.html" + }, + { + "name": "MDKSA-2004:032", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:032" + }, + { + "name": "DSA-487", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-487" + }, + { + "name": "oval:org.mitre.oval:def:1065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065" + }, + { + "name": "oval:org.mitre.oval:def:10913", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913" + }, + { + "name": "SuSE-SA:2004:009", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html" + }, + { + "name": "20040404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" + }, + { + "name": "RHSA-2004:158", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-158.html" + }, + { + "name": "RHSA-2004:159", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-159.html" + }, + { + "name": "20040416 void.at - neon format string bugs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108214147022626&w=2" + }, + { + "name": "11363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11363" + }, + { + "name": "SuSE-SA:2004:008", + "refsource": "SUSE", + "url": "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html" + }, + { + "name": "FEDORA-2004-1552", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1552" + }, + { + "name": "5365", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5365" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0254.json b/2004/0xxx/CVE-2004-0254.json index 50f3520471d..f1f1fcb516e 100644 --- a/2004/0xxx/CVE-2004-0254.json +++ b/2004/0xxx/CVE-2004-0254.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040205 Possible Cross Site Scripting in Discuz! Board", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107606726417150&w=2" - }, - { - "name" : "9584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9584" - }, - { - "name" : "discuzboard-image-tag-xss(15066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9584" + }, + { + "name": "discuzboard-image-tag-xss(15066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15066" + }, + { + "name": "20040205 Possible Cross Site Scripting in Discuz! Board", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107606726417150&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0326.json b/2004/0xxx/CVE-2004-0326.json index dd46743500d..9ab615a100f 100644 --- a/2004/0xxx/CVE-2004-0326.json +++ b/2004/0xxx/CVE-2004-0326.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040222 GateKeeper Pro 4.7 buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107755692400728&w=2" - }, - { - "name" : "20040222 GateKeeper Pro 4.7 buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017703.html" - }, - { - "name" : "9716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9716" - }, - { - "name" : "gatekeeper-long-get-bo(15277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040222 GateKeeper Pro 4.7 buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107755692400728&w=2" + }, + { + "name": "9716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9716" + }, + { + "name": "20040222 GateKeeper Pro 4.7 buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017703.html" + }, + { + "name": "gatekeeper-long-get-bo(15277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15277" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1017.json b/2004/1xxx/CVE-2004-1017.json index 1c84f4b1930..18802bc32df 100644 --- a/2004/1xxx/CVE-2004-1017.json +++ b/2004/1xxx/CVE-2004-1017.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple \"overflows\" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-1017", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1017" - }, - { - "name" : "DSA-1070", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1070" - }, - { - "name" : "DSA-1067", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1067" - }, - { - "name" : "DSA-1069", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1069" - }, - { - "name" : "DSA-1082", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2006/dsa-1082" - }, - { - "name" : "FLSA:2336", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" - }, - { - "name" : "RHSA-2004:689", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-689.html" - }, - { - "name" : "RHSA-2005:016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-016.html" - }, - { - "name" : "RHSA-2005:017", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-017.html" - }, - { - "name" : "12102", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12102" - }, - { - "name" : "oval:org.mitre.oval:def:9786", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786" - }, - { - "name" : "19374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19374" - }, - { - "name" : "20162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20162" - }, - { - "name" : "20163", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20163" - }, - { - "name" : "20202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20202" - }, - { - "name" : "20338", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20338" - }, - { - "name" : "linux-ioedgeport-bo(18433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple \"overflows\" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20163", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20163" + }, + { + "name": "DSA-1082", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1082" + }, + { + "name": "12102", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12102" + }, + { + "name": "RHSA-2005:017", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-017.html" + }, + { + "name": "FLSA:2336", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336" + }, + { + "name": "DSA-1070", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1070" + }, + { + "name": "RHSA-2004:689", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-689.html" + }, + { + "name": "RHSA-2005:016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-016.html" + }, + { + "name": "20162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20162" + }, + { + "name": "DSA-1067", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1067" + }, + { + "name": "DSA-1069", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1069" + }, + { + "name": "oval:org.mitre.oval:def:9786", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786" + }, + { + "name": "DSA-1017", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2006/dsa-1017" + }, + { + "name": "20202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20202" + }, + { + "name": "linux-ioedgeport-bo(18433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18433" + }, + { + "name": "19374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19374" + }, + { + "name": "20338", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20338" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1350.json b/2004/1xxx/CVE-2004-1350.json index 2677f41dfa2..28446ec8163 100644 --- a/2004/1xxx/CVE-2004-1350.json +++ b/2004/1xxx/CVE-2004-1350.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.pentest.co.uk/documents/ptl-2004-06.html", - "refsource" : "MISC", - "url" : "http://www.pentest.co.uk/documents/ptl-2004-06.html" - }, - { - "name" : "57606", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security" - }, - { - "name" : "VU#964401", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/964401" - }, - { - "name" : "P-027", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-027.shtml" - }, - { - "name" : "ESB-2004.0691", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4516" - }, - { - "name" : "11566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11566" - }, - { - "name" : "11304", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=11304" - }, - { - "name" : "1012005", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012005" - }, - { - "name" : "13036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13036/" - }, - { - "name" : "sun-web-proxy-bo(17920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11566" + }, + { + "name": "1012005", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012005" + }, + { + "name": "http://www.pentest.co.uk/documents/ptl-2004-06.html", + "refsource": "MISC", + "url": "http://www.pentest.co.uk/documents/ptl-2004-06.html" + }, + { + "name": "57606", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security" + }, + { + "name": "VU#964401", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/964401" + }, + { + "name": "P-027", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-027.shtml" + }, + { + "name": "ESB-2004.0691", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4516" + }, + { + "name": "11304", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=11304" + }, + { + "name": "13036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13036/" + }, + { + "name": "sun-web-proxy-bo(17920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17920" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1659.json b/2004/1xxx/CVE-2004-1659.json index 174009bc620..e086d8abdb8 100644 --- a/2004/1xxx/CVE-2004-1659.json +++ b/2004/1xxx/CVE-2004-1659.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040902 [hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109415338521881&w=2" - }, - { - "name" : "11097", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11097" - }, - { - "name" : "12432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12432" - }, - { - "name" : "cutenews-mod-xss(17214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12432" + }, + { + "name": "11097", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11097" + }, + { + "name": "20040902 [hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109415338521881&w=2" + }, + { + "name": "cutenews-mod-xss(17214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17214" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2189.json b/2004/2xxx/CVE-2004-2189.json index d37968ae51b..522b1363f48 100644 --- a/2004/2xxx/CVE-2004-2189.json +++ b/2004/2xxx/CVE-2004-2189.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "11434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "11434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11434" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2589.json b/2004/2xxx/CVE-2004-2589.json index ac1dd0419c8..54b95362992 100644 --- a/2004/2xxx/CVE-2004-2589.json +++ b/2004/2xxx/CVE-2004-2589.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2589", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2589", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gaim.sourceforge.net/security/?id=6", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/security/?id=6" - }, - { - "name" : "11056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11056" - }, - { - "name" : "9264", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9264" - }, - { - "name" : "1011083", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011083" - }, - { - "name" : "12383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12383" - }, - { - "name" : "gaim-content-length-dos(17150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "gaim-content-length-dos(17150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17150" + }, + { + "name": "9264", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9264" + }, + { + "name": "1011083", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011083" + }, + { + "name": "http://gaim.sourceforge.net/security/?id=6", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/security/?id=6" + }, + { + "name": "11056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11056" + }, + { + "name": "12383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12383" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2020.json b/2008/2xxx/CVE-2008-2020.json index 92e82054497..460e4d94e8d 100644 --- a/2008/2xxx/CVE-2008-2020.json +++ b/2008/2xxx/CVE-2008-2020.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080419 Deciphering the PHP-Nuke Capthca", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491127/100/0/threaded" - }, - { - "name" : "http://www.rooksecurity.com/blog/?p=6", - "refsource" : "MISC", - "url" : "http://www.rooksecurity.com/blog/?p=6" - }, - { - "name" : "28877", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28877" - }, - { - "name" : "3834", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3834" - }, - { - "name" : "captcha-imagestring-codebg-weak-security(42152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080419 Deciphering the PHP-Nuke Capthca", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded" + }, + { + "name": "3834", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3834" + }, + { + "name": "captcha-imagestring-codebg-weak-security(42152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" + }, + { + "name": "28877", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28877" + }, + { + "name": "http://www.rooksecurity.com/blog/?p=6", + "refsource": "MISC", + "url": "http://www.rooksecurity.com/blog/?p=6" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2448.json b/2008/2xxx/CVE-2008-2448.json index 91543769bbc..76a570ed99b 100644 --- a/2008/2xxx/CVE-2008-2448.json +++ b/2008/2xxx/CVE-2008-2448.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2448", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2448", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5608", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5608" - }, - { - "name" : "29189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29189" - }, - { - "name" : "29192", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29192" - }, - { - "name" : "30233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30233" - }, - { - "name" : "metoforum-kategori-sql-injection(42398)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42398" - }, - { - "name" : "metoforum-multiple-sql-injection(42390)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29192", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29192" + }, + { + "name": "metoforum-multiple-sql-injection(42390)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42390" + }, + { + "name": "29189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29189" + }, + { + "name": "5608", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5608" + }, + { + "name": "metoforum-kategori-sql-injection(42398)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42398" + }, + { + "name": "30233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30233" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2701.json b/2008/2xxx/CVE-2008-2701.json index eca10486d96..ceeace685d4 100644 --- a/2008/2xxx/CVE-2008-2701.json +++ b/2008/2xxx/CVE-2008-2701.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081204 Joomla Component GameQ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498903/100/0/threaded" - }, - { - "name" : "20081204 Re: Joomla Component GameQ", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498923/100/0/threaded" - }, - { - "name" : "5752", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5752" - }, - { - "name" : "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt" - }, - { - "name" : "29592", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29592" - }, - { - "name" : "32633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32633" - }, - { - "name" : "30570", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30570" - }, - { - "name" : "gameq-index-sql-injection(42929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt" + }, + { + "name": "gameq-index-sql-injection(42929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42929" + }, + { + "name": "30570", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30570" + }, + { + "name": "5752", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5752" + }, + { + "name": "20081204 Joomla Component GameQ", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498903/100/0/threaded" + }, + { + "name": "32633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32633" + }, + { + "name": "20081204 Re: Joomla Component GameQ", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498923/100/0/threaded" + }, + { + "name": "29592", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29592" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2703.json b/2008/2xxx/CVE-2008-2703.json index 6949638af60..2796de6962d 100644 --- a/2008/2xxx/CVE-2008-2703.json +++ b/2008/2xxx/CVE-2008-2703.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via \"spoofed server responses\" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080704 Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493964/100/0/threaded" - }, - { - "name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html" - }, - { - "name" : "29602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29602" - }, - { - "name" : "ADV-2008-1764", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1764/references" - }, - { - "name" : "1020209", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020209" - }, - { - "name" : "30576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30576" - }, - { - "name" : "groupwise-messenger-client-bo(42917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via \"spoofed server responses\" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29602" + }, + { + "name": "30576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30576" + }, + { + "name": "groupwise-messenger-client-bo(42917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42917" + }, + { + "name": "1020209", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020209" + }, + { + "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html" + }, + { + "name": "20080704 Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493964/100/0/threaded" + }, + { + "name": "ADV-2008-1764", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1764/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2728.json b/2008/2xxx/CVE-2008-2728.json index 36477eba502..afaa3a936fc 100644 --- a/2008/2xxx/CVE-2008-2728.json +++ b/2008/2xxx/CVE-2008-2728.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2728", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-2728", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3086.json b/2008/3xxx/CVE-2008-3086.json index 121db9d32cc..5367a662fbe 100644 --- a/2008/3xxx/CVE-2008-3086.json +++ b/2008/3xxx/CVE-2008-3086.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3086", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-3086", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3500.json b/2008/3xxx/CVE-2008-3500.json index 1fcfec69e3a..033c1473d72 100644 --- a/2008/3xxx/CVE-2008-3500.json +++ b/2008/3xxx/CVE-2008-3500.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://drupal.org/node/274919", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/274919" - }, - { - "name" : "29953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29953" - }, - { - "name" : "ADV-2008-1931", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1931/references" - }, - { - "name" : "30846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30846" - }, - { - "name" : "suggestedterms-taxonomy-xss(43363)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43363" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29953" + }, + { + "name": "http://drupal.org/node/274919", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/274919" + }, + { + "name": "ADV-2008-1931", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1931/references" + }, + { + "name": "30846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30846" + }, + { + "name": "suggestedterms-taxonomy-xss(43363)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43363" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3670.json b/2008/3xxx/CVE-2008-3670.json index 6d432cb0a4f..37cccf44e94 100644 --- a/2008/3xxx/CVE-2008-3670.json +++ b/2008/3xxx/CVE-2008-3670.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6167", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6167" - }, - { - "name" : "30452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30452" - }, - { - "name" : "ADV-2008-2255", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2255/references" - }, - { - "name" : "31292", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31292" - }, - { - "name" : "4149", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4149" - }, - { - "name" : "articlefriendly-authordetail-sql-injection(44120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4149", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4149" + }, + { + "name": "articlefriendly-authordetail-sql-injection(44120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44120" + }, + { + "name": "ADV-2008-2255", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2255/references" + }, + { + "name": "31292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31292" + }, + { + "name": "30452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30452" + }, + { + "name": "6167", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6167" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6256.json b/2008/6xxx/CVE-2008-6256.json index d89fb36445e..421872e02bf 100644 --- a/2008/6xxx/CVE-2008-6256.json +++ b/2008/6xxx/CVE-2008-6256.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081117 [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498369/100/0/threaded" - }, - { - "name" : "http://www.waraxe.us/advisory-68.html", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/advisory-68.html" - }, - { - "name" : "32735", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32735" - }, - { - "name" : "vbulletin-admincalendar-sql-injection(46683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vbulletin-admincalendar-sql-injection(46683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46683" + }, + { + "name": "20081117 [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498369/100/0/threaded" + }, + { + "name": "http://www.waraxe.us/advisory-68.html", + "refsource": "MISC", + "url": "http://www.waraxe.us/advisory-68.html" + }, + { + "name": "32735", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32735" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6357.json b/2008/6xxx/CVE-2008-6357.json index 82c4628a52d..749105a2f0d 100644 --- a/2008/6xxx/CVE-2008-6357.json +++ b/2008/6xxx/CVE-2008-6357.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7420", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7420" - }, - { - "name" : "34261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34261" - }, - { - "name" : "mycal-mycal-information-disclosure(47266)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7420", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7420" + }, + { + "name": "34261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34261" + }, + { + "name": "mycal-mycal-information-disclosure(47266)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47266" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6444.json b/2008/6xxx/CVE-2008-6444.json index 07dc01c2cf0..8890fff669d 100644 --- a/2008/6xxx/CVE-2008-6444.json +++ b/2008/6xxx/CVE-2008-6444.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080913 Baidu Hi IM software parsing plaintext stack overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496322/100/0/threaded" - }, - { - "name" : "31162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31162" - }, - { - "name" : "51696", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51696" - }, - { - "name" : "baiduhi-cstransfer-bo(45117)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080913 Baidu Hi IM software parsing plaintext stack overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496322/100/0/threaded" + }, + { + "name": "31162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31162" + }, + { + "name": "51696", + "refsource": "OSVDB", + "url": "http://osvdb.org/51696" + }, + { + "name": "baiduhi-cstransfer-bo(45117)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45117" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6726.json b/2008/6xxx/CVE-2008-6726.json index 55ea60e9f60..2772f3d09ef 100644 --- a/2008/6xxx/CVE-2008-6726.json +++ b/2008/6xxx/CVE-2008-6726.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7625", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7625" - }, - { - "name" : "http://www.cmscout.co.za/index.php?page=news&id=30", - "refsource" : "CONFIRM", - "url" : "http://www.cmscout.co.za/index.php?page=news&id=30" - }, - { - "name" : "33068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33068" - }, - { - "name" : "51119", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51119" - }, - { - "name" : "51120", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51120" - }, - { - "name" : "33375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33375" - }, - { - "name" : "cmscout-admin-index-file-include(47660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7625", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7625" + }, + { + "name": "cmscout-admin-index-file-include(47660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47660" + }, + { + "name": "http://www.cmscout.co.za/index.php?page=news&id=30", + "refsource": "CONFIRM", + "url": "http://www.cmscout.co.za/index.php?page=news&id=30" + }, + { + "name": "51120", + "refsource": "OSVDB", + "url": "http://osvdb.org/51120" + }, + { + "name": "33068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33068" + }, + { + "name": "33375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33375" + }, + { + "name": "51119", + "refsource": "OSVDB", + "url": "http://osvdb.org/51119" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2648.json b/2013/2xxx/CVE-2013-2648.json index 469254f152a..d0ab6b26b54 100644 --- a/2013/2xxx/CVE-2013-2648.json +++ b/2013/2xxx/CVE-2013-2648.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2648", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2648", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2887.json b/2013/2xxx/CVE-2013-2887.json index b2d92bd9326..633f55b5fe1 100644 --- a/2013/2xxx/CVE-2013-2887.json +++ b/2013/2xxx/CVE-2013-2887.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://crbug.com/116128", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/116128" - }, - { - "name" : "http://crbug.com/166916", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/166916" - }, - { - "name" : "http://crbug.com/172119", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/172119" - }, - { - "name" : "http://crbug.com/177876", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/177876" - }, - { - "name" : "http://crbug.com/220039", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/220039" - }, - { - "name" : "http://crbug.com/231688", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/231688" - }, - { - "name" : "http://crbug.com/232393", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/232393" - }, - { - "name" : "http://crbug.com/234809", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/234809" - }, - { - "name" : "http://crbug.com/236147", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/236147" - }, - { - "name" : "http://crbug.com/238837", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/238837" - }, - { - "name" : "http://crbug.com/246635", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/246635" - }, - { - "name" : "http://crbug.com/248960", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/248960" - }, - { - "name" : "http://crbug.com/249064", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/249064" - }, - { - "name" : "http://crbug.com/249854", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/249854" - }, - { - "name" : "http://crbug.com/252848", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/252848" - }, - { - "name" : "http://crbug.com/254159", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/254159" - }, - { - "name" : "http://crbug.com/261609", - "refsource" : "CONFIRM", - "url" : "http://crbug.com/261609" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=274602", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=274602" - }, - { - "name" : "DSA-2741", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2741" - }, - { - "name" : "oval:org.mitre.oval:def:17741", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://crbug.com/249854", + "refsource": "CONFIRM", + "url": "http://crbug.com/249854" + }, + { + "name": "oval:org.mitre.oval:def:17741", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17741" + }, + { + "name": "http://crbug.com/172119", + "refsource": "CONFIRM", + "url": "http://crbug.com/172119" + }, + { + "name": "http://crbug.com/231688", + "refsource": "CONFIRM", + "url": "http://crbug.com/231688" + }, + { + "name": "http://crbug.com/232393", + "refsource": "CONFIRM", + "url": "http://crbug.com/232393" + }, + { + "name": "http://crbug.com/246635", + "refsource": "CONFIRM", + "url": "http://crbug.com/246635" + }, + { + "name": "http://crbug.com/249064", + "refsource": "CONFIRM", + "url": "http://crbug.com/249064" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" + }, + { + "name": "http://crbug.com/116128", + "refsource": "CONFIRM", + "url": "http://crbug.com/116128" + }, + { + "name": "http://crbug.com/261609", + "refsource": "CONFIRM", + "url": "http://crbug.com/261609" + }, + { + "name": "http://crbug.com/234809", + "refsource": "CONFIRM", + "url": "http://crbug.com/234809" + }, + { + "name": "http://crbug.com/236147", + "refsource": "CONFIRM", + "url": "http://crbug.com/236147" + }, + { + "name": "http://crbug.com/254159", + "refsource": "CONFIRM", + "url": "http://crbug.com/254159" + }, + { + "name": "http://crbug.com/238837", + "refsource": "CONFIRM", + "url": "http://crbug.com/238837" + }, + { + "name": "http://crbug.com/252848", + "refsource": "CONFIRM", + "url": "http://crbug.com/252848" + }, + { + "name": "http://crbug.com/166916", + "refsource": "CONFIRM", + "url": "http://crbug.com/166916" + }, + { + "name": "http://crbug.com/220039", + "refsource": "CONFIRM", + "url": "http://crbug.com/220039" + }, + { + "name": "http://crbug.com/248960", + "refsource": "CONFIRM", + "url": "http://crbug.com/248960" + }, + { + "name": "http://crbug.com/177876", + "refsource": "CONFIRM", + "url": "http://crbug.com/177876" + }, + { + "name": "DSA-2741", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2741" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=274602", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=274602" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11169.json b/2017/11xxx/CVE-2017-11169.json index ab90bd053f3..aa5abce0537 100644 --- a/2017/11xxx/CVE-2017-11169.json +++ b/2017/11xxx/CVE-2017-11169.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html", - "refsource" : "MISC", - "url" : "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html", + "refsource": "MISC", + "url": "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11504.json b/2017/11xxx/CVE-2017-11504.json index be1e4ff0222..732fc2427f9 100644 --- a/2017/11xxx/CVE-2017-11504.json +++ b/2017/11xxx/CVE-2017-11504.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11504", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11504", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11546.json b/2017/11xxx/CVE-2017-11546.json index d49fc853dd8..256ef3f922f 100644 --- a/2017/11xxx/CVE-2017-11546.json +++ b/2017/11xxx/CVE-2017-11546.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/83", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/83" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/83", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/83" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11636.json b/2017/11xxx/CVE-2017-11636.json index bce1532de2a..01ff0443fcd 100644 --- a/2017/11xxx/CVE-2017-11636.json +++ b/2017/11xxx/CVE-2017-11636.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "99978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" + }, + { + "name": "99978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99978" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11916.json b/2017/11xxx/CVE-2017-11916.json index 25cc47bfc11..7fa6ec066d5 100644 --- a/2017/11xxx/CVE-2017-11916.json +++ b/2017/11xxx/CVE-2017-11916.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916" - }, - { - "name" : "102090", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916" + }, + { + "name": "102090", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102090" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14047.json b/2017/14xxx/CVE-2017-14047.json index af6bb5c8523..ae44e024bff 100644 --- a/2017/14xxx/CVE-2017-14047.json +++ b/2017/14xxx/CVE-2017-14047.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14326.json b/2017/14xxx/CVE-2017-14326.json index d43f93a84b0..9b5bc4ff825 100644 --- a/2017/14xxx/CVE-2017-14326.json +++ b/2017/14xxx/CVE-2017-14326.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/740", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/740" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/740", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/740" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14466.json b/2017/14xxx/CVE-2017-14466.json index f6083926fc6..4ffc661839a 100644 --- a/2017/14xxx/CVE-2017-14466.json +++ b/2017/14xxx/CVE-2017-14466.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-03-28T00:00:00", - "ID" : "CVE-2017-14466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Allen Bradley", - "version" : { - "version_data" : [ - { - "version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-03-28T00:00:00", + "ID": "CVE-2017-14466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Allen Bradley", + "version": { + "version_data": [ + { + "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14491.json b/2017/14xxx/CVE-2017-14491.json index 508b2990686..154ef7dc8b0 100644 --- a/2017/14xxx/CVE-2017-14491.json +++ b/2017/14xxx/CVE-2017-14491.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42941", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42941/" - }, - { - "name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" - }, - { - "name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", - "refsource" : "MLIST", - "url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" - }, - { - "name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", - "refsource" : "MISC", - "url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" - }, - { - "name" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG" - }, - { - "name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", - "refsource" : "CONFIRM", - "url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc" - }, - { - "name" : "https://access.redhat.com/security/vulnerabilities/3199382", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/security/vulnerabilities/3199382" - }, - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" - }, - { - "name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" - }, - { - "name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", - "refsource" : "CONFIRM", - "url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf" - }, - { - "name" : "DSA-3989", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3989" - }, - { - "name" : "GLSA-201710-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-27" - }, - { - "name" : "RHSA-2017:2836", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2836" - }, - { - "name" : "RHSA-2017:2837", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2837" - }, - { - "name" : "RHSA-2017:2838", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2838" - }, - { - "name" : "RHSA-2017:2839", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2839" - }, - { - "name" : "RHSA-2017:2840", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2840" - }, - { - "name" : "RHSA-2017:2841", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2841" - }, - { - "name" : "openSUSE-SU-2017:2633", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" - }, - { - "name" : "USN-3430-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3430-1" - }, - { - "name" : "USN-3430-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-3430-2" - }, - { - "name" : "VU#973527", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/973527" - }, - { - "name" : "101085", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101085" - }, - { - "name" : "101977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101977" - }, - { - "name" : "1039474", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039474", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039474" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" + }, + { + "name": "DSA-3989", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3989" + }, + { + "name": "https://access.redhat.com/security/vulnerabilities/3199382", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/security/vulnerabilities/3199382" + }, + { + "name": "101085", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101085" + }, + { + "name": "USN-3430-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3430-1" + }, + { + "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", + "refsource": "CONFIRM", + "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc" + }, + { + "name": "101977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101977" + }, + { + "name": "RHSA-2017:2838", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2838" + }, + { + "name": "VU#973527", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/973527" + }, + { + "name": "GLSA-201710-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-27" + }, + { + "name": "RHSA-2017:2840", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2840" + }, + { + "name": "USN-3430-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-3430-2" + }, + { + "name": "RHSA-2017:2839", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2839" + }, + { + "name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" + }, + { + "name": "RHSA-2017:2836", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2836" + }, + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" + }, + { + "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", + "refsource": "CONFIRM", + "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" + }, + { + "name": "RHSA-2017:2837", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2837" + }, + { + "name": "42941", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42941/" + }, + { + "name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG" + }, + { + "name": "RHSA-2017:2841", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2841" + }, + { + "name": "openSUSE-SU-2017:2633", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" + }, + { + "name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", + "refsource": "MISC", + "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" + }, + { + "name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", + "refsource": "MLIST", + "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14726.json b/2017/14xxx/CVE-2017-14726.json index 6ea41c88ada..d22278da54c 100644 --- a/2017/14xxx/CVE-2017-14726.json +++ b/2017/14xxx/CVE-2017-14726.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://core.trac.wordpress.org/changeset/41395", - "refsource" : "MISC", - "url" : "https://core.trac.wordpress.org/changeset/41395" - }, - { - "name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8914", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8914" - }, - { - "name" : "DSA-3997", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3997" - }, - { - "name" : "100912", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100912" - }, - { - "name" : "1039553", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3997", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3997" + }, + { + "name": "https://core.trac.wordpress.org/changeset/41395", + "refsource": "MISC", + "url": "https://core.trac.wordpress.org/changeset/41395" + }, + { + "name": "100912", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100912" + }, + { + "name": "1039553", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039553" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8914", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8914" + }, + { + "name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14836.json b/2017/14xxx/CVE-2017-14836.json index e729bff9a7f..a24f49904f4 100644 --- a/2017/14xxx/CVE-2017-14836.json +++ b/2017/14xxx/CVE-2017-14836.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2017-14836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "8.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2017-14836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "8.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-17-880", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-17-880" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-17-880", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-17-880" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14943.json b/2017/14xxx/CVE-2017-14943.json index 95012d89800..778e281ef9a 100644 --- a/2017/14xxx/CVE-2017-14943.json +++ b/2017/14xxx/CVE-2017-14943.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the \"webwatch.(REDACTED).com\" server mentioned in the reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943", - "refsource" : "MISC", - "url" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the \"webwatch.(REDACTED).com\" server mentioned in the reference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943", + "refsource": "MISC", + "url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15564.json b/2017/15xxx/CVE-2017-15564.json index 5a87f977b6b..f74237e8d89 100644 --- a/2017/15xxx/CVE-2017-15564.json +++ b/2017/15xxx/CVE-2017-15564.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15564", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15564", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15726.json b/2017/15xxx/CVE-2017-15726.json index d065e28a5ad..76d95f4f2ed 100644 --- a/2017/15xxx/CVE-2017-15726.json +++ b/2017/15xxx/CVE-2017-15726.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15726", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15726", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15763.json b/2017/15xxx/CVE-2017-15763.json index db16c1b86eb..4df9dbb0558 100644 --- a/2017/15xxx/CVE-2017-15763.json +++ b/2017/15xxx/CVE-2017-15763.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15894.json b/2017/15xxx/CVE-2017-15894.json index 49b4f862fbd..60ee2d68f60 100644 --- a/2017/15xxx/CVE-2017-15894.json +++ b/2017/15xxx/CVE-2017-15894.json @@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-15894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Synology DiskStation Manager (DSM)", - "version" : { - "version_data" : [ - { - "version_value" : "6.0.x before 6.0.3-8754-3" - }, - { - "version_value" : "before 5.2-5967-6" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-15894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Synology DiskStation Manager (DSM)", + "version": { + "version_data": [ + { + "version_value": "6.0.x before 6.0.3-8754-3" + }, + { + "version_value": "before 5.2-5967-6" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8155.json b/2017/8xxx/CVE-2017-8155.json index 2af45017baa..03f72216e7e 100644 --- a/2017/8xxx/CVE-2017-8155.json +++ b/2017/8xxx/CVE-2017-8155.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "B2338-168", - "version" : { - "version_data" : [ - { - "version_value" : "V100R001C00" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "no authentication" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "B2338-168", + "version": { + "version_data": [ + { + "version_value": "V100R001C00" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "no authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8212.json b/2017/8xxx/CVE-2017-8212.json index f78c325535e..0e4d8af7de0 100644 --- a/2017/8xxx/CVE-2017-8212.json +++ b/2017/8xxx/CVE-2017-8212.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "honor 5C,honor 6x", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "honor 5C,honor 6x", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8726.json b/2017/8xxx/CVE-2017-8726.json index 21c1422b9a0..5ef3638519d 100644 --- a/2017/8xxx/CVE-2017-8726.json +++ b/2017/8xxx/CVE-2017-8726.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726" - }, - { - "name" : "101084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101084" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726" + }, + { + "name": "101084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101084" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9522.json b/2017/9xxx/CVE-2017-9522.json index 077060cc5c3..f6699f59a66 100644 --- a/2017/9xxx/CVE-2017-9522.json +++ b/2017/9xxx/CVE-2017-9522.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000043.json b/2018/1000xxx/CVE-2018-1000043.json index dc53a698b44..d302256bd31 100644 --- a/2018/1000xxx/CVE-2018-1000043.json +++ b/2018/1000xxx/CVE-2018-1000043.json @@ -1,64 +1,64 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "1/31/2018 20:22:19", - "ID" : "CVE-2018-1000043", - "REQUESTER" : "medsgerj@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Squert", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.1 through 1.6.7" - } - ] - } - } - ] - }, - "vendor_name" : "Security Onion Solutions" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "1/31/2018 20:22:19", + "ID": "CVE-2018-1000043", + "REQUESTER": "medsgerj@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html", - "refsource" : "CONFIRM", - "url" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html", + "refsource": "CONFIRM", + "url": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000049.json b/2018/1000xxx/CVE-2018-1000049.json index 3f7142a75a7..654f8930c44 100644 --- a/2018/1000xxx/CVE-2018-1000049.json +++ b/2018/1000xxx/CVE-2018-1000049.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "1/20/2018 9:34:40", - "ID" : "CVE-2018-1000049", - "REQUESTER" : "reversebrain@protonmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Claymore Dual Miner", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "nanopool" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "1/20/2018 9:34:40", + "ID": "CVE-2018-1000049", + "REQUESTER": "reversebrain@protonmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44638", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44638/" - }, - { - "name" : "45044", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45044/" - }, - { - "name" : "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/", - "refsource" : "MISC", - "url" : "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/" - }, - { - "name" : "https://twitter.com/ReverseBrain/status/951850534985662464", - "refsource" : "MISC", - "url" : "https://twitter.com/ReverseBrain/status/951850534985662464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/ReverseBrain/status/951850534985662464", + "refsource": "MISC", + "url": "https://twitter.com/ReverseBrain/status/951850534985662464" + }, + { + "name": "45044", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45044/" + }, + { + "name": "44638", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44638/" + }, + { + "name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/", + "refsource": "MISC", + "url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12151.json b/2018/12xxx/CVE-2018-12151.json index d992b1425e2..2122498bbb3 100644 --- a/2018/12xxx/CVE-2018-12151.json +++ b/2018/12xxx/CVE-2018-12151.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-12151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Extreme Tuning Utility", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 6.4.1.2." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-12151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Extreme Tuning Utility", + "version": { + "version_data": [ + { + "version_value": "Versions before 6.4.1.2." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12289.json b/2018/12xxx/CVE-2018-12289.json index 0d2033f8275..772cef39c19 100644 --- a/2018/12xxx/CVE-2018-12289.json +++ b/2018/12xxx/CVE-2018-12289.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12289", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12289", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12870.json b/2018/12xxx/CVE-2018-12870.json index 8909d07136a..d4467cc2b4d 100644 --- a/2018/12xxx/CVE-2018-12870.json +++ b/2018/12xxx/CVE-2018-12870.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13520.json b/2018/13xxx/CVE-2018-13520.json index e954e3e63d3..6fc2b18b1d9 100644 --- a/2018/13xxx/CVE-2018-13520.json +++ b/2018/13xxx/CVE-2018-13520.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13520", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13520", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13540.json b/2018/13xxx/CVE-2018-13540.json index 143867ee541..c95c2abeb95 100644 --- a/2018/13xxx/CVE-2018-13540.json +++ b/2018/13xxx/CVE-2018-13540.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13580.json b/2018/13xxx/CVE-2018-13580.json index 1c8d54eca4b..06fa49ce023 100644 --- a/2018/13xxx/CVE-2018-13580.json +++ b/2018/13xxx/CVE-2018-13580.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13641.json b/2018/13xxx/CVE-2018-13641.json index 2ae53f76759..fb95904b364 100644 --- a/2018/13xxx/CVE-2018-13641.json +++ b/2018/13xxx/CVE-2018-13641.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16710.json b/2018/16xxx/CVE-2018-16710.json index ae1c2a846db..a8e53486a6d 100644 --- a/2018/16xxx/CVE-2018-16710.json +++ b/2018/16xxx/CVE-2018-16710.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16710", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with \"blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16710", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/foosel/OctoPrint/issues/2814", - "refsource" : "MISC", - "url" : "https://github.com/foosel/OctoPrint/issues/2814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with \"blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/foosel/OctoPrint/issues/2814", + "refsource": "MISC", + "url": "https://github.com/foosel/OctoPrint/issues/2814" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16852.json b/2018/16xxx/CVE-2018-16852.json index e7ee3eb5383..97a9ea180df 100644 --- a/2018/16xxx/CVE-2018-16852.json +++ b/2018/16xxx/CVE-2018-16852.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-16852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "samba", - "version" : { - "version_data" : [ - { - "version_value" : "4.9.3" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-476" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "4.9.3" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852" - }, - { - "name" : "https://www.samba.org/samba/security/CVE-2018-16852.html", - "refsource" : "CONFIRM", - "url" : "https://www.samba.org/samba/security/CVE-2018-16852.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181127-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181127-0001/" - }, - { - "name" : "106024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.samba.org/samba/security/CVE-2018-16852.html", + "refsource": "CONFIRM", + "url": "https://www.samba.org/samba/security/CVE-2018-16852.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20181127-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181127-0001/" + }, + { + "name": "106024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106024" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4076.json b/2018/4xxx/CVE-2018-4076.json index f6c3057ec5c..9daccbd208d 100644 --- a/2018/4xxx/CVE-2018-4076.json +++ b/2018/4xxx/CVE-2018-4076.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4076", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4076", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4645.json b/2018/4xxx/CVE-2018-4645.json index ed03f25b177..e9ced8a78ec 100644 --- a/2018/4xxx/CVE-2018-4645.json +++ b/2018/4xxx/CVE-2018-4645.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4645", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4645", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file