From 997c6d68b97468a2895c095515452f454d974c82 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 06:36:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/1xxx/CVE-2002-1592.json | 150 +++++++++++------------
 2002/1xxx/CVE-2002-1819.json | 140 +++++++++++-----------
 2003/0xxx/CVE-2003-0155.json | 130 ++++++++++----------
 2003/0xxx/CVE-2003-0524.json | 120 +++++++++----------
 2003/0xxx/CVE-2003-0630.json | 130 ++++++++++----------
 2003/1xxx/CVE-2003-1054.json | 160 ++++++++++++-------------
 2003/1xxx/CVE-2003-1085.json | 210 ++++++++++++++++-----------------
 2003/1xxx/CVE-2003-1211.json | 160 ++++++++++++-------------
 2003/1xxx/CVE-2003-1584.json | 130 ++++++++++----------
 2004/0xxx/CVE-2004-0260.json | 150 +++++++++++------------
 2004/0xxx/CVE-2004-0877.json | 34 +++---
 2004/2xxx/CVE-2004-2026.json | 190 ++++++++++++++---------------
 2004/2xxx/CVE-2004-2048.json | 170 +++++++++++++-------------
 2004/2xxx/CVE-2004-2569.json | 190 ++++++++++++++---------------
 2008/2xxx/CVE-2008-2034.json | 140 +++++++++++-----------
 2008/2xxx/CVE-2008-2553.json | 200 +++++++++++++++----------------
 2008/2xxx/CVE-2008-2876.json | 180 ++++++++++++++--------------
 2012/0xxx/CVE-2012-0348.json | 34 +++---
 2012/0xxx/CVE-2012-0906.json | 130 ++++++++++----------
 2012/1xxx/CVE-2012-1764.json | 180 ++++++++++++++--------------
 2012/1xxx/CVE-2012-1995.json | 130 ++++++++++----------
 2012/5xxx/CVE-2012-5539.json | 140 +++++++++++-----------
 2012/5xxx/CVE-2012-5728.json | 34 +++---
 2017/11xxx/CVE-2017-11288.json | 140 +++++++++++-----------
 2017/11xxx/CVE-2017-11769.json | 142 +++++++++++-----------
 2017/3xxx/CVE-2017-3223.json | 166 +++++++++++++-------------
 2017/3xxx/CVE-2017-3460.json | 152 ++++++++++++------------
 2017/3xxx/CVE-2017-3503.json | 182 ++++++++++++++--------------
 2017/7xxx/CVE-2017-7634.json | 122 +++++++++----------
 2017/7xxx/CVE-2017-7676.json | 142 +++++++++++-----------
 2017/7xxx/CVE-2017-7711.json | 34 +++---
 2017/7xxx/CVE-2017-7734.json | 142 +++++++++++-----------
 2017/8xxx/CVE-2017-8041.json | 130 ++++++++++----------
 2017/8xxx/CVE-2017-8135.json | 132 ++++++++++-----------
 2018/10xxx/CVE-2018-10145.json | 34 +++---
 2018/10xxx/CVE-2018-10360.json | 150 +++++++++++------------
 2018/10xxx/CVE-2018-10559.json | 34 +++---
 2018/10xxx/CVE-2018-10657.json | 130 ++++++++++----------
 2018/10xxx/CVE-2018-10727.json | 34 +++---
 2018/12xxx/CVE-2018-12505.json | 34 +++---
 2018/13xxx/CVE-2018-13011.json | 120 +++++++++----------
 2018/13xxx/CVE-2018-13098.json | 130 ++++++++++----------
 2018/13xxx/CVE-2018-13423.json | 130 ++++++++++----------
 2018/13xxx/CVE-2018-13445.json | 120 +++++++++----------
 2018/13xxx/CVE-2018-13555.json | 130 ++++++++++----------
 2018/17xxx/CVE-2018-17436.json | 120 +++++++++----------
 2018/17xxx/CVE-2018-17539.json | 130 ++++++++++----------
 2018/17xxx/CVE-2018-17785.json | 130 ++++++++++----------
 2018/17xxx/CVE-2018-17881.json | 120 +++++++++----------
 2018/17xxx/CVE-2018-17890.json | 132 ++++++++++-----------
 2018/9xxx/CVE-2018-9247.json | 120 +++++++++----------
 2018/9xxx/CVE-2018-9311.json | 140 +++++++++++-----------
 2018/9xxx/CVE-2018-9742.json | 34 +++---
 53 files changed, 3344 insertions(+), 3344 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1592.json b/2002/1xxx/CVE-2002-1592.json
index aaff635e5be..412c6e211aa 100644
--- a/2002/1xxx/CVE-2002-1592.json
+++ b/2002/1xxx/CVE-2002-1592.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.apache.org/dist/httpd/CHANGES_2.0", - "refsource" : "CONFIRM", - "url" : "http://www.apache.org/dist/httpd/CHANGES_2.0" - }, - { - "name" : "VU#165803", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/165803" - }, - { - "name" : "5256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5256" - }, - { - "name" : "apache-aplogrerror-path-disclosure(9623)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9623.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ap_log_rerror 
function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#165803", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/165803" + }, + { + "name": "5256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5256" + }, + { + "name": "http://www.apache.org/dist/httpd/CHANGES_2.0", + "refsource": "CONFIRM", + "url": "http://www.apache.org/dist/httpd/CHANGES_2.0" + }, + { + "name": "apache-aplogrerror-path-disclosure(9623)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9623.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1819.json b/2002/1xxx/CVE-2002-1819.json index e5424bd8747..d19cfca00bb 100644 --- a/2002/1xxx/CVE-2002-1819.json +++ b/2002/1xxx/CVE-2002-1819.json 
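Review bot: The new side of this file ends at `+}` followed by `\ No newline at end of file`, whereas the removed `-}` was newline-terminated, and the `reference_data` entries are reordered (the CONFIRM entry moves from first to third) in the same commit that rewrites the whitespace of nearly every line. Because the formatting change and the reorder land together, the diff alone does not let a reader confirm that no `url`, `name` or `refsource` value changed in this record. Emitting `reference_data` in a stable order (the previous order, or sorted on a fixed key such as `refsource` then `name`) and keeping the final newline would let a format-only sync be told apart from a content edit. The same reordering is visible in the hunks for CVE-2003-0155, CVE-2003-1054, CVE-2003-1085, CVE-2003-1211 and CVE-2004-0260, and every hunk shown drops the final newline.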
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a \"..\" (dot dot) in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021111 Multiple vulnerabilities in Tiny HTTPd", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/299287" - }, - { - "name" : "6158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6158" - }, - { - "name" : "tinyhttpd-dotdot-directory-traversal(10596)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10596.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a \"..\" (dot dot) in the URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021111 Multiple vulnerabilities in Tiny HTTPd", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/299287" + }, + { + "name": "6158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6158" + }, + { + "name": "tinyhttpd-dotdot-directory-traversal(10596)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10596.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0155.json b/2003/0xxx/CVE-2003-0155.json index 50095c4e550..c93419e235f 100644 --- a/2003/0xxx/CVE-2003-0155.json +++ b/2003/0xxx/CVE-2003-0155.json 
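Review bot: The description `value` on the new side still reads `TinyHTTPD 0.1 .0`, with a space inside what looks like the version number, while the structured `affects` block carries only `n/a` for vendor, product and version. Anything that matches affected versions for this record has only that free-text string to work from, and the stray space can make a simple version comparison miss it. If the intended version is 0.1.0 (to be confirmed against the BUGTRAQ reference listed in the record), the string would read `TinyHTTPD 0.1.0 allows remote attackers ...`; this sync carries the old text over unchanged.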
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-265" - }, - { - "name" : "7163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7163" + }, + { + "name": "DSA-265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-265" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0524.json b/2003/0xxx/CVE-2003-0524.json index 51e1a85d04e..33f6509b607 100644 --- a/2003/0xxx/CVE-2003-0524.json +++ b/2003/0xxx/CVE-2003-0524.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030708 Qt temporary files race condition in Knoppix 3.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105769387706906&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030708 Qt temporary files race condition in Knoppix 3.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105769387706906&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0630.json b/2003/0xxx/CVE-2003-0630.json index 9896671468c..beeef3d0c3b 100644 --- a/2003/0xxx/CVE-2003-0630.json +++ b/2003/0xxx/CVE-2003-0630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-359", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-359" - }, - { - "name" : "20030902 GLSA: atari800 (200309-07)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106252128221901&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-359", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-359" + }, + { + "name": "20030902 GLSA: atari800 (200309-07)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106252128221901&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1054.json b/2003/1xxx/CVE-2003-1054.json index 35e3bd59970..c0bac1dec36 100644 --- a/2003/1xxx/CVE-2003-1054.json +++ b/2003/1xxx/CVE-2003-1054.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030416 [VulnWatch] Apache mod_access_referer denial of service issue", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=151905", - "refsource" : "MISC", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=151905" - }, - { - "name" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html" - }, - { - "name" : "7375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7375" - }, - { - 
"name" : "8612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8612" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=151905", + "refsource": "MISC", + "url": "http://sourceforge.net/project/shownotes.php?release_id=151905" + }, + { + "name": "8612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8612" + }, + { + "name": "20030416 [VulnWatch] Apache mod_access_referer denial of service issue", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html" + }, + { + "name": "7375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7375" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1085.json b/2003/1xxx/CVE-2003-1085.json index 4624e70df72..56dbaa6f134 100644 --- a/2003/1xxx/CVE-2003-1085.json +++ b/2003/1xxx/CVE-2003-1085.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031123 Thomnson TCM315 Denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/345414" - }, - { - "name" : "http://www.shellsec.net/leer_advisory.php?id=2", - "refsource" : "MISC", - "url" : "http://www.shellsec.net/leer_advisory.php?id=2" - }, - { - "name" : "20031123 Thomnson TCM315 Denial of service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html" - }, - { - "name" : "20031124 Thomnson TCM315 Denial of service", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html" - }, - { - "name" : "20050219 Thomson TCW690 Denial Of Service 
Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110880725322192&w=2" - }, - { - "name" : "20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110888093214678&w=2" - }, - { - "name" : "9091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9091" - }, - { - "name" : "10286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10286" - }, - { - "name" : "14353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14353" - }, - { - "name" : "thomson-http-get-dos(13815)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031123 Thomnson TCM315 Denial of service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html" + }, + { + "name": "20050219 Thomson TCW690 Denial Of Service Vulnerability", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110880725322192&w=2" + }, + { + "name": "20031124 Thomnson TCM315 Denial of service", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html" + }, + { + "name": "14353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14353" + }, + { + "name": "20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110888093214678&w=2" + }, + { + "name": "thomson-http-get-dos(13815)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13815" + }, + { + "name": "20031123 Thomnson TCM315 Denial of service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/345414" + }, + { + "name": "http://www.shellsec.net/leer_advisory.php?id=2", + "refsource": "MISC", + "url": "http://www.shellsec.net/leer_advisory.php?id=2" + }, + { + "name": "10286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10286" + }, + { + "name": "9091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9091" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1211.json b/2003/1xxx/CVE-2003-1211.json index 39731da182e..307a8d49dc1 100644 --- a/2003/1xxx/CVE-2003-1211.json +++ b/2003/1xxx/CVE-2003-1211.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030606 Critical Vulnerabilities In Max Web Portal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html" - }, - { - "name" : "7837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7837" - }, - { - "name" : "3281", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3281" - }, - { - "name" : "8979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8979" - }, - { - "name" : "maxwebportal-search-xss(12277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7837" + }, + { + "name": "maxwebportal-search-xss(12277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12277" + }, + { + "name": "8979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8979" + }, + { + "name": "20030606 Critical Vulnerabilities In Max Web Portal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html" + }, + { + "name": "3281", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3281" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1584.json b/2003/1xxx/CVE-2003-1584.json index a7d1fc08f04..636b890f42f 100644 --- a/2003/1xxx/CVE-2003-1584.json +++ b/2003/1xxx/CVE-2003-1584.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313867" - }, - { - "name" : "surfstats-domain-name-xss(56649)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56649" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030304 Log corruption on multiple webservers, log analyzers,...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313867" + }, + { + "name": "surfstats-domain-name-xss(56649)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56649" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0260.json b/2004/0xxx/CVE-2004-0260.json index 97d05472c0f..4d4a008eee0 100644 --- a/2004/0xxx/CVE-2004-0260.json +++ b/2004/0xxx/CVE-2004-0260.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107619501815888&w=2" - }, - { - "name" : "20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016819.html" - }, - { - "name" : "cactushoplite-backdoor(15063)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15063" - }, - { - "name" : "9589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107619501815888&w=2" + }, + { + "name": "cactushoplite-backdoor(15063)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15063" + }, + { + "name": "9589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9589" + }, + { + "name": "20040206 CactuSoft CactuShop 5.0 Lite shopping cart software backdoor", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016819.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0877.json b/2004/0xxx/CVE-2004-0877.json index 26155547040..be5ca094e60 100644 --- a/2004/0xxx/CVE-2004-0877.json +++ b/2004/0xxx/CVE-2004-0877.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0877", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0877", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2026.json b/2004/2xxx/CVE-2004-2026.json index f396a4d6542..7d5456d4f1b 100644 --- a/2004/2xxx/CVE-2004-2026.json +++ b/2004/2xxx/CVE-2004-2026.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2026", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2026", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040507 Pound <=1.5 Remote Exploit (Format string bug)", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html" - }, - { - "name" : "GLSA-200405-08", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-08.xml" - }, - { - "name" : "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000", - "refsource" : "CONFIRM", - "url" : "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000" - }, - { - "name" : "10267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10267" - }, - { - "name" : "5746", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5746" - }, - { - "name" 
: "1010034", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010034" - }, - { - "name" : "11528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11528" - }, - { - "name" : "pound-logmsg-format-string(16033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000", + "refsource": "CONFIRM", + "url": "http://www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000#1070234315000" + }, + { + "name": "1010034", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010034" + }, + { + "name": "11528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11528" + }, + { + "name": "5746", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5746" + }, + { + "name": "20040507 Pound <=1.5 Remote Exploit (Format string bug)", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.html" + }, + { + "name": "pound-logmsg-format-string(16033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16033" + }, + { + "name": "GLSA-200405-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-08.xml" + }, + { + "name": "10267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10267" + } + ] + } +} \ No newline at end of 
file diff --git a/2004/2xxx/CVE-2004-2048.json b/2004/2xxx/CVE-2004-2048.json index 6fa78fb32c2..8afa22339fc 100644 --- a/2004/2xxx/CVE-2004-2048.json +++ b/2004/2xxx/CVE-2004-2048.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default \"jstwo\" password, which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040724 eSeSIX Thintune thin client multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109068491801021&w=2" - }, - { - "name" : "10794", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10794" - }, - { - "name" : "8246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8246" - }, - { - "name" : "1010770", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010770" - }, - { - "name" : "12154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12154" - }, - { - "name" : "thintune-password-gain-access(16790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16790" - } - ] - 
} -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default \"jstwo\" password, which allows remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "thintune-password-gain-access(16790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16790" + }, + { + "name": "10794", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10794" + }, + { + "name": "12154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12154" + }, + { + "name": "1010770", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010770" + }, + { + "name": "20040724 eSeSIX Thintune thin client multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109068491801021&w=2" + }, + { + "name": "8246", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8246" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2569.json b/2004/2xxx/CVE-2004-2569.json index 48f2676c15e..1b1a416fddf 100644 --- a/2004/2xxx/CVE-2004-2569.json +++ b/2004/2xxx/CVE-2004-2569.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2569", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2569", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244709", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244709" - }, - { - "name" : "DSA-907", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-907" - }, - { - "name" : "10269", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10269" - }, - { - "name" : "5788", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5788" - }, - { - "name" : "1010064", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010064" - }, - { - "name" : "11526", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11526" - }, - { - "name" : "17682", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/17682" - }, - { - "name" : "ipmenu-symlink(16052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10269", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10269" + }, + { + "name": "17682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17682" + }, + { + "name": "DSA-907", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-907" + }, + { + "name": "1010064", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010064" + }, + { + "name": "11526", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11526" + }, + { + "name": "5788", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5788" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244709", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=244709" + }, + { + "name": "ipmenu-symlink(16052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16052" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2034.json b/2008/2xxx/CVE-2008-2034.json index 695d239f898..715ed714c56 100644 --- a/2008/2xxx/CVE-2008-2034.json +++ b/2008/2xxx/CVE-2008-2034.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28975" - }, - { - "name" : "29876", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29876" - }, - { - "name" : "downloadmonitor-id-sql-injection(42094)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42094" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin 
for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28975" + }, + { + "name": "29876", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29876" + }, + { + "name": "downloadmonitor-id-sql-injection(42094)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42094" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2553.json b/2008/2xxx/CVE-2008-2553.json index 985ab4fbf03..9d8ad7edd78 100644 --- a/2008/2xxx/CVE-2008-2553.json +++ b/2008/2xxx/CVE-2008-2553.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225", - "refsource" : "CONFIRM", - "url" : "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225" - }, - { - "name" : "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4", - "refsource" : "CONFIRM", - "url" : "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4" - }, - { - "name" : "http://www.slashcode.com/article.pl?sid=08/01/07/2314232", - "refsource" : "CONFIRM", - "url" : "http://www.slashcode.com/article.pl?sid=08/01/07/2314232" - }, - { - "name" : "DSA-1633", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2008/dsa-1633" - }, - { - "name" : "29548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29548" - }, - { - "name" : "1020207", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020207" - }, - { - "name" : "30551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30551" - }, - { - "name" : "31691", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31691" - }, - { - "name" : "slash-userfield-xss(42882)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42882" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.slashcode.com/article.pl?sid=08/01/07/2314232", + "refsource": "CONFIRM", + "url": "http://www.slashcode.com/article.pl?sid=08/01/07/2314232" + }, + { + "name": "slash-userfield-xss(42882)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42882" + }, + { + "name": "31691", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31691" + }, + { + "name": "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225", + "refsource": "CONFIRM", + "url": "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225" + }, + { + "name": "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4", + "refsource": "CONFIRM", + "url": "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4" + }, + { + "name": "DSA-1633", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1633" + }, + { + "name": "1020207", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020207" + }, + { + "name": "30551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30551" + }, + { + "name": "29548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29548" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2876.json b/2008/2xxx/CVE-2008-2876.json index 853854e4fd8..b88993ecfe3 100644 --- a/2008/2xxx/CVE-2008-2876.json +++ b/2008/2xxx/CVE-2008-2876.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080815 munky-bliki lfi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495503" - }, - { - "name" : "20090125 Re: munky-bliki lfi", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500380/30/0/threaded" - }, - { - "name" : "5933", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5933" - }, - { - "name" : "29934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29934" - }, - { - "name" : "30705", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30705" - }, - { - "name" : "ADV-2008-1950", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1950/references" - }, - { - "name" : 
"munky-index-file-include(43360)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in mUnky 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the zone parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1950", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1950/references" + }, + { + "name": "20090125 Re: munky-bliki lfi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500380/30/0/threaded" + }, + { + "name": "munky-index-file-include(43360)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43360" + }, + { + "name": "30705", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30705" + }, + { + "name": "5933", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5933" + }, + { + "name": "20080815 munky-bliki lfi", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495503" + }, + { + "name": "29934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29934" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0348.json b/2012/0xxx/CVE-2012-0348.json index 5e4f1eb8de1..bde663274a1 100644 --- a/2012/0xxx/CVE-2012-0348.json +++ b/2012/0xxx/CVE-2012-0348.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0348", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0348", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0906.json b/2012/0xxx/CVE-2012-0906.json index 8d078821719..be2a83c68c3 100644 --- a/2012/0xxx/CVE-2012-0906.json +++ b/2012/0xxx/CVE-2012-0906.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18386", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18386" - }, - { - "name" : "clanportal-id-sql-injection(72453)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "clanportal-id-sql-injection(72453)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72453" + }, + { + "name": "18386", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18386" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1764.json b/2012/1xxx/CVE-2012-1764.json index 86c83ba79d2..9f82d00bb61 100644 --- a/2012/1xxx/CVE-2012-1764.json +++ b/2012/1xxx/CVE-2012-1764.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1764", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54545", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54545" - }, - { - "name" : "83969", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83969" - }, - { - "name" : "1027265", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027265" - }, - { - "name" : "49951", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/49951" - }, - { - "name" : "peoplesoftenterprise-ptmcf-cve20121764(77030)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77030" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49951" + }, + { + "name": "54545", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54545" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "83969", + "refsource": "OSVDB", + "url": "http://osvdb.org/83969" + }, + { + "name": "peoplesoftenterprise-ptmcf-cve20121764(77030)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77030" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "1027265", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027265" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1995.json b/2012/1xxx/CVE-2012-1995.json index bf63da32912..6ff17afff94 100644 --- a/2012/1xxx/CVE-2012-1995.json +++ b/2012/1xxx/CVE-2012-1995.json 
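Review bot: The `ASSIGNER` update to `secalert_us@oracle.com` is buried in a hunk that also rewrites every line for spacing and reorders `reference_data`, so the one edit that alters record attribution cannot be audited from the diff. The hunks for CVE-2012-1995 (`hp-security-alert@hp.com`), CVE-2012-5539 (`secalert@redhat.com`) and CVE-2017-7634 (`security@qnapsecurity.com.tw` to `security@qnap.com`) have the same problem. Consumers that use `ASSIGNER` to decide which CNA a record belongs to would see it shift, and the commit subject does not explain why. Landing the serializer change (spacing, reference order) separately from the attribution updates would leave a reviewable one-line diff per record, such as `"ASSIGNER": "secalert_us@oracle.com",`.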
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-1995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02769", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" - }, - { - "name" : "SSRT100846", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBMU02769", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" + }, + { + "name": "SSRT100846", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5539.json b/2012/5xxx/CVE-2012-5539.json index b7c26c0461d..8068890b31d 100644 --- a/2012/5xxx/CVE-2012-5539.json +++ b/2012/5xxx/CVE-2012-5539.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1796036", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1796036" - }, - { - "name" : "http://drupal.org/node/1795906", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1795906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal 
does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1795906", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1795906" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + }, + { + "name": "http://drupal.org/node/1796036", + "refsource": "MISC", + "url": "http://drupal.org/node/1796036" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5728.json b/2012/5xxx/CVE-2012-5728.json index 444cfdd6c41..f83f38adb80 100644 --- a/2012/5xxx/CVE-2012-5728.json +++ b/2012/5xxx/CVE-2012-5728.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5728", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5728", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11288.json b/2017/11xxx/CVE-2017-11288.json index 62d536aed5f..dffe720a2b2 100644 --- a/2017/11xxx/CVE-2017-11288.json +++ b/2017/11xxx/CVE-2017-11288.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Connect 9.6.2 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Connect 9.6.2 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Reflected cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Connect 9.6.2 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Connect 9.6.2 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/connect/apsb17-35.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/connect/apsb17-35.html" - }, - { - "name" : "101838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101838" - }, - { - "name" : "1039799", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was 
discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/connect/apsb17-35.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/connect/apsb17-35.html" + }, + { + "name": "1039799", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039799" + }, + { + "name": "101838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101838" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11769.json b/2017/11xxx/CVE-2017-11769.json index 59c83b53af1..531d4fb77a0 100644 --- a/2017/11xxx/CVE-2017-11769.json +++ b/2017/11xxx/CVE-2017-11769.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows TRIE", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka \"TRIE Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows TRIE", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11769", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11769" - }, - { - "name" : "101112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101112" - }, - { - "name" : "1039535", - "refsource" : "SECTRACK", - 
"url" : "http://www.securitytracker.com/id/1039535" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka \"TRIE Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11769", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11769" + }, + { + "name": "1039535", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039535" + }, + { + "name": "101112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101112" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3223.json b/2017/3xxx/CVE-2017-3223.json index c3445095b64..efe49a82604 100644 --- a/2017/3xxx/CVE-2017-3223.json +++ b/2017/3xxx/CVE-2017-3223.json 
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3223", - "STATE" : "PUBLIC", - "TITLE" : "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "IP Camera", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621", - "version_value" : "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621" - } - ] - } - } - ] - }, - "vendor_name" : "Dahua" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Ilya Smith of Positive Technologies for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3223", + "STATE": "PUBLIC", + "TITLE": "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IP Camera", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621", + "version_value": "DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621" + } + ] + } + } + ] + }, + "vendor_name": "Dahua" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#547255", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/547255" - }, - { - "name" : "99620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99620" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue" - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Ilya Smith of Positive Technologies for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia web interface that may be vulnerable to a stack buffer overflow. Dahua IP camera products include an application known as Sonia (/usr/bin/sonia) that provides the web interface and other services for controlling the IP camera remotely. 
Versions of Sonia included in firmware versions prior to DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621 do not validate input data length for the 'password' field of the web interface. A remote, unauthenticated attacker may submit a crafted POST request to the IP camera's Sonia web interface that may lead to out-of-bounds memory operations and loss of availability or remote code execution. The issue was originally identified by the researcher in firmware version DH_IPC-HX1X2X-Themis_EngSpnFrn_N_V2.400.0000.30.R.20160803." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#547255", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/547255" + }, + { + "name": "99620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99620" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue" + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3460.json b/2017/3xxx/CVE-2017-3460.json index 6c2593d1a94..f5af4382537 100644 --- a/2017/3xxx/CVE-2017-3460.json +++ b/2017/3xxx/CVE-2017-3460.json 
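Review bot: The `version_data` entry on the new side names its operator `"affected": "<"`, while the other records in this patch that carry an operator (CVE-2017-3460, CVE-2017-3503) use `version_affected`. A consumer that reads only `version_affected` would find no operator here and could treat `DH_IPC-Consumer-Zi-Themis_Eng_P_V2.408.0000.11.R.20170621` as the single affected version rather than an upper bound, under-reporting exposed firmware. Renaming the key to `"version_affected": "<",` would make the record agree with its siblings. Whether a sync commit may alter the CNA's record is a separate decision, but the mismatch should at least be reported upstream.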
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "97826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97826" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "97826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97826" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3503.json b/2017/3xxx/CVE-2017-3503.json index 86349321dfa..c0b1bf7513f 100644 --- a/2017/3xxx/CVE-2017-3503.json +++ b/2017/3xxx/CVE-2017-3503.json 
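Review bot: In `version_data` the new side keeps `"version_affected": "="` together with `"version_value": "5.7.17 and earlier"`, and the two contradict each other: the operator says exact match while the range exists only as prose inside the value. A scanner that compares installed versions against the structured fields would match no real MySQL version string and stay silent for this CVE, even though the description states that 5.7.17 and earlier are affected. Putting the range in the fields, `"version_affected": "<=",` with `"version_value": "5.7.17"`, would let tooling match it, assuming the consumer honours the operator.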
@@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Primavera P6 Enterprise Project Portfolio Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "8.3" - }, - { - "version_affected" : "=", - "version_value" : "8.4" - }, - { - "version_affected" : "=", - "version_value" : "15.1" - }, - { - "version_affected" : "=", - "version_value" : "15.2" - }, - { - "version_affected" : "=", - "version_value" : "16.1" - }, - { - "version_affected" : "=", - "version_value" : "16.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "8.3" + }, + { + "version_affected": "=", + "version_value": "8.4" + }, + { + "version_affected": "=", + "version_value": "15.1" + }, + { + "version_affected": "=", + "version_value": "15.2" + }, + { + "version_affected": "=", + "version_value": "16.1" + }, + { + "version_affected": "=", + "version_value": "16.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97891" - }, - { - "name" : "1038289", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Primavera P6 Enterprise Project 
Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access (Apache Commons BeanUtils)). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera P6 Enterprise Project Portfolio Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97891" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038289", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038289" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7634.json b/2017/7xxx/CVE-2017-7634.json index 2791649c59e..6f1b57dd965 100644 --- a/2017/7xxx/CVE-2017-7634.json 
+++ b/2017/7xxx/CVE-2017-7634.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-03-08T00:00:00", - "ID" : "CVE-2017-7634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QNAP Media Streaming Add-On", - "version" : { - "version_data" : [ - { - "version_value" : "421.1.0.2, 430.1.2.0, and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-03-08T00:00:00", + "ID": "CVE-2017-7634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QNAP Media Streaming Add-On", + "version": { + "version_data": [ + { + "version_value": "421.1.0.2, 430.1.2.0, and earlier" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in QNAP NAS application Media Streaming add-on 
version 421.1.0.2, 430.1.2.0, and earlier allows remote attackers to inject arbitrary web script or HTML. The injected code will only be triggered by a crafted link, not the normal page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7676.json b/2017/7xxx/CVE-2017-7676.json index 7401aecdf06..ceffbed1c07 100644 --- a/2017/7xxx/CVE-2017-7676.json +++ b/2017/7xxx/CVE-2017-7676.json 
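Review bot: The `ASSIGNER` value for CVE-2017-7634 changes from `security@qnapsecurity.com.tw` to `security@qnap.com` in a hunk whose other lines differ only in formatting, and the commit subject does not mention it. A change to the assigning-CNA contact is record content, so anyone auditing the feed has to read every reformatted line to find it. I would record it in the commit message, for example `CVE-2017-7634: ASSIGNER updated to security@qnap.com`, or ship it separately from the whitespace normalisation.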
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-7676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Ranger", - "version" : { - "version_data" : [ - { - "version_value" : "0.5.x" - }, - { - "version_value" : "0.6.x" - }, - { - "version_value" : "0.7.0" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-7676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Ranger", + "version": { + "version_data": [ + { + "version_value": "0.5.x" + }, + { + "version_value": "0.6.x" + }, + { + "version_value": "0.7.0" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", - "refsource" : "CONFIRM", - "url" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" - }, - { - "name" : "98958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Policy resource matcher in Apache 
Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", + "refsource": "CONFIRM", + "url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" + }, + { + "name": "98958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98958" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7711.json b/2017/7xxx/CVE-2017-7711.json index e5e839f7696..8b658f37427 100644 --- a/2017/7xxx/CVE-2017-7711.json +++ b/2017/7xxx/CVE-2017-7711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/7xxx/CVE-2017-7734.json b/2017/7xxx/CVE-2017-7734.json index 404b94ae17a..6f30b968aed 100644 --- a/2017/7xxx/CVE-2017-7734.json +++ b/2017/7xxx/CVE-2017-7734.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "DATE_PUBLIC" : "2017-09-11T00:00:00", - "ID" : "CVE-2017-7734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiOS", - "version" : { - "version_data" : [ - { - "version_value" : "FortiOS versions 5.4.0 through 5.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execute unauthorized code or commands" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "DATE_PUBLIC": "2017-09-11T00:00:00", + "ID": "CVE-2017-7734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "FortiOS versions 5.4.0 through 5.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-17-127", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-17-127" - }, - { - "name" : "99098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99098" - }, - { - "name" : "1038705", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038705" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via 'Comments' while saving Config Revisions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038705", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038705" + }, + { + "name": "https://fortiguard.com/advisory/FG-IR-17-127", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-17-127" + }, + { + "name": "99098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99098" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8041.json b/2017/8xxx/CVE-2017-8041.json index bc944ee8427..b10b7c8889d 100644 --- a/2017/8xxx/CVE-2017-8041.json +++ b/2017/8xxx/CVE-2017-8041.json 
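Review bot: The `reference_data` array for CVE-2017-7734 is reordered (CONFIRM, BID, SECTRACK becomes SECTRACK, CONFIRM, BID) with no entry added, removed or edited, and the new order does not appear to follow any key in the records. The same content-free reordering shows up in the CVE-2017-8041, CVE-2017-8135, CVE-2018-10360 and CVE-2018-10657 hunks, and CVE-2018-10145 is emitted with a different top-level key order from every other record in this commit. Consumers that diff or hash these files to detect advisory updates will see churn that hides real edits. The serializer should emit references in a stable order, for instance sorted by `refsource` and then `name`, and use one fixed key order for all records.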
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3", - "version" : { - "version_data" : [ - { - "version_value" : "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3", + "version": { + "version_data": [ + { + "version_value": "PCF Single Sign-On for PCF:1.3.x versions prior to 1.3.4, 1.4.x versions prior to 1.4.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-8041", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-8041" - }, - { - "name" : "100615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100615" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100615" + }, + { + "name": "https://pivotal.io/security/cve-2017-8041", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-8041" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8135.json b/2017/8xxx/CVE-2017-8135.json index e1b93eef488..e30f0b3e05f 100644 --- a/2017/8xxx/CVE-2017-8135.json +++ b/2017/8xxx/CVE-2017-8135.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00 and V100R006C10" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00 and V100R006C10" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en" - }, - { - "name" : "102262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102262" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102262" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10145.json b/2018/10xxx/CVE-2018-10145.json index 010a20a5b2b..b995d2da455 100644 --- a/2018/10xxx/CVE-2018-10145.json +++ b/2018/10xxx/CVE-2018-10145.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10145", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10145", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10360.json b/2018/10xxx/CVE-2018-10360.json index a7fa0332dda..9a8c2152c57 100644 --- a/2018/10xxx/CVE-2018-10360.json +++ b/2018/10xxx/CVE-2018-10360.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", - "refsource" : "CONFIRM", - "url" : "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22" - }, - { - "name" : "GLSA-201806-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201806-08" - }, - { - "name" : "USN-3686-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3686-1/" - }, - { - "name" : "USN-3686-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3686-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_core_note function in readelf.c in 
libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3686-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3686-1/" + }, + { + "name": "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22", + "refsource": "CONFIRM", + "url": "https://github.com/file/file/commit/a642587a9c9e2dd7feacdf513c3643ce26ad3c22" + }, + { + "name": "USN-3686-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3686-2/" + }, + { + "name": "GLSA-201806-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201806-08" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10559.json b/2018/10xxx/CVE-2018-10559.json index 54d0ba5e613..b6c1c6a5dff 100644 --- a/2018/10xxx/CVE-2018-10559.json +++ b/2018/10xxx/CVE-2018-10559.json 
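Review bot: The `affects` block for CVE-2018-10360 still has `n/a` for `product_name`, `version_value` and `vendor_name`, although the description on the new side names the component and version (`do_core_note` in readelf.c, file 5.33). The CVE-2018-10657, CVE-2018-13011, CVE-2018-13098 and CVE-2018-13423 hunks have the same gap, and the 10657 description says the flaw was exploited in the wild. Tooling that matches records by the structured fields will not associate these entries with an installed product. For this record the page supports `"product_name": "file"` and `"version_value": "5.33"`; the vendor name is not given here and would have to come from the assigner.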
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10559", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10559", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10657.json b/2018/10xxx/CVE-2018-10657.json index ca10328bb94..00840b3628f 100644 --- a/2018/10xxx/CVE-2018-10657.json +++ b/2018/10xxx/CVE-2018-10657.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb", - "refsource" : "CONFIRM", - "url" : "https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb" - }, - { - "name" : "https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/", - "refsource" : "CONFIRM", - "url" : "https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events 
injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py, as exploited in the wild in April 2018." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/", + "refsource": "CONFIRM", + "url": "https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/" + }, + { + "name": "https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb", + "refsource": "CONFIRM", + "url": "https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10727.json b/2018/10xxx/CVE-2018-10727.json index db135b3f86a..5a9e9280a7d 100644 --- a/2018/10xxx/CVE-2018-10727.json +++ b/2018/10xxx/CVE-2018-10727.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10727", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10727", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12505.json b/2018/12xxx/CVE-2018-12505.json index 81d78fa1586..251861ec93b 100644 --- a/2018/12xxx/CVE-2018-12505.json +++ b/2018/12xxx/CVE-2018-12505.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12505", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12505", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13011.json b/2018/13xxx/CVE-2018-13011.json index e4a654853db..8b50717ab10 100644 --- a/2018/13xxx/CVE-2018-13011.json +++ b/2018/13xxx/CVE-2018-13011.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gopro/gpmf-parser/issues/31", - "refsource" : "MISC", - "url" : "https://github.com/gopro/gpmf-parser/issues/31" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gopro/gpmf-parser/issues/31", + "refsource": "MISC", + "url": "https://github.com/gopro/gpmf-parser/issues/31" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13098.json b/2018/13xxx/CVE-2018-13098.json index b80382dd87f..87fe36a1727 100644 --- a/2018/13xxx/CVE-2018-13098.json +++ b/2018/13xxx/CVE-2018-13098.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200173", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200173" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad", - "refsource" : "MISC", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. 
A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200173", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200173" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad", + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=346886775c5fa6a541c0148bbecc0554ab9d6dad" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13423.json b/2018/13xxx/CVE-2018-13423.json index 6c56ae8d43a..0cb456b5dc9 100644 --- a/2018/13xxx/CVE-2018-13423.json +++ b/2018/13xxx/CVE-2018-13423.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221", - "refsource" : "MISC", - "url" : "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221" - }, - { - "name" : "https://github.com/omeka/Omeka/releases/tag/v2.6.1", - "refsource" : "MISC", - "url" : "https://github.com/omeka/Omeka/releases/tag/v2.6.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221", + "refsource": "MISC", + "url": "https://github.com/omeka/Omeka/commit/ba841892116544847d76d3838781c9708cb92221" + }, + { + "name": "https://github.com/omeka/Omeka/releases/tag/v2.6.1", + "refsource": "MISC", + "url": "https://github.com/omeka/Omeka/releases/tag/v2.6.1" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13445.json b/2018/13xxx/CVE-2018-13445.json index f0d5b885531..850800bc42f 100644 --- a/2018/13xxx/CVE-2018-13445.json +++ b/2018/13xxx/CVE-2018-13445.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md", - "refsource" : "MISC", - "url" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/admin_manager.php?action=add." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md", + "refsource": "MISC", + "url": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms1.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13555.json b/2018/13xxx/CVE-2018-13555.json index a6159526d84..5689dc2e8cc 100644 --- a/2018/13xxx/CVE-2018-13555.json +++ b/2018/13xxx/CVE-2018-13555.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13555", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13555", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JaxBox", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JaxBox" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for JaxBox, an Ethereum token, has an integer 
overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JaxBox", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JaxBox" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17436.json b/2018/17xxx/CVE-2018-17436.json index 6d851eea532..72705f8204b 100644 --- a/2018/17xxx/CVE-2018-17436.json +++ b/2018/17xxx/CVE-2018-17436.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17436", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#invalid-write-memory-access-in-decompressc" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17539.json b/2018/17xxx/CVE-2018-17539.json index 6fdd17a032a..c8a028785c4 100644 --- a/2018/17xxx/CVE-2018-17539.json +++ b/2018/17xxx/CVE-2018-17539.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K17264695", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K17264695" - }, - { - "name" : "106367", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path containing 8 or more autonomous system number (ASN) elements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K17264695", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K17264695" + }, + { + "name": "106367", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106367" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17785.json b/2018/17xxx/CVE-2018-17785.json index 613a01cd3b5..ad7e0fef1af 100644 --- a/2018/17xxx/CVE-2018-17785.json +++ b/2018/17xxx/CVE-2018-17785.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/blynkkk/blynk-server/issues/1256", - "refsource" : "CONFIRM", - "url" : "https://github.com/blynkkk/blynk-server/issues/1256" - }, - { - "name" : "https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7", - "refsource" : "CONFIRM", - "url" : "https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/blynkkk/blynk-server/issues/1256", + "refsource": "CONFIRM", + "url": "https://github.com/blynkkk/blynk-server/issues/1256" + }, + { + "name": "https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7", + "refsource": "CONFIRM", + "url": "https://github.com/blynkkk/blynk-server/releases/tag/v0.39.7" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17881.json b/2018/17xxx/CVE-2018-17881.json index 04170ef75ee..0cf3ef306cb 100644 --- a/2018/17xxx/CVE-2018-17881.json +++ b/2018/17xxx/CVE-2018-17881.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xz.aliyun.com/t/2834#toc-5", - "refsource" : "MISC", - "url" : "https://xz.aliyun.com/t/2834#toc-5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On D-Link DIR-823G 2018-09-19 devices, the GoAhead configuration allows /HNAP1 SetPasswdSettings commands without authentication to trigger an admin password change." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xz.aliyun.com/t/2834#toc-5", + "refsource": "MISC", + "url": "https://xz.aliyun.com/t/2834#toc-5" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17890.json b/2018/17xxx/CVE-2018-17890.json index 429ab137f4a..0f4427b69d4 100644 --- a/2018/17xxx/CVE-2018-17890.json +++ b/2018/17xxx/CVE-2018-17890.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-11T00:00:00", - "ID" : "CVE-2018-17890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NUUO CMS", - "version" : { - "version_data" : [ - { - "version_value" : "All versions 3.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "NUUO" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "USE OF OBSOLETE FUNCTION CWE-477" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-11T00:00:00", + "ID": "CVE-2018-17890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NUUO CMS", + "version": { + "version_data": [ + { + "version_value": "All versions 3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "NUUO" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02" - }, - { - "name" : "105717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105717" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functionality, which could allow arbitrary code 
execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF OBSOLETE FUNCTION CWE-477" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105717" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9247.json b/2018/9xxx/CVE-2018-9247.json index 8627f10f767..c5f40f18028 100644 --- a/2018/9xxx/CVE-2018-9247.json +++ b/2018/9xxx/CVE-2018-9247.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upsql function in \\Lib\\Lib\\Action\\Admin\\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a