From 9a61b810b8ac37b01798f9fc6daff1ce4489afc1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:39:16 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0116.json | 150 ++++++------- 2003/0xxx/CVE-2003-0156.json | 140 ++++++------ 2003/0xxx/CVE-2003-0560.json | 130 +++++------ 2003/0xxx/CVE-2003-0644.json | 140 ++++++------ 2003/0xxx/CVE-2003-0830.json | 120 +++++------ 2003/1xxx/CVE-2003-1106.json | 140 ++++++------ 2003/1xxx/CVE-2003-1216.json | 170 +++++++-------- 2003/1xxx/CVE-2003-1322.json | 140 ++++++------ 2004/0xxx/CVE-2004-0148.json | 240 ++++++++++----------- 2004/0xxx/CVE-2004-0439.json | 34 +-- 2004/0xxx/CVE-2004-0452.json | 250 +++++++++++----------- 2004/0xxx/CVE-2004-0509.json | 34 +-- 2004/0xxx/CVE-2004-0684.json | 140 ++++++------ 2004/2xxx/CVE-2004-2255.json | 180 ++++++++-------- 2004/2xxx/CVE-2004-2286.json | 140 ++++++------ 2004/2xxx/CVE-2004-2581.json | 170 +++++++-------- 2008/2xxx/CVE-2008-2618.json | 200 ++++++++--------- 2008/2xxx/CVE-2008-2760.json | 170 +++++++-------- 2008/2xxx/CVE-2008-2895.json | 150 ++++++------- 2012/0xxx/CVE-2012-0666.json | 160 +++++++------- 2012/1xxx/CVE-2012-1379.json | 34 +-- 2012/1xxx/CVE-2012-1433.json | 130 +++++------ 2012/1xxx/CVE-2012-1878.json | 140 ++++++------ 2012/5xxx/CVE-2012-5020.json | 34 +-- 2012/5xxx/CVE-2012-5146.json | 150 ++++++------- 2012/5xxx/CVE-2012-5300.json | 150 ++++++------- 2012/5xxx/CVE-2012-5611.json | 380 ++++++++++++++++----------------- 2012/5xxx/CVE-2012-5624.json | 210 +++++++++--------- 2012/5xxx/CVE-2012-5882.json | 150 ++++++------- 2017/3xxx/CVE-2017-3483.json | 150 ++++++------- 2017/3xxx/CVE-2017-3514.json | 178 +++++++-------- 2017/3xxx/CVE-2017-3823.json | 190 ++++++++--------- 2017/7xxx/CVE-2017-7313.json | 120 +++++------ 2017/7xxx/CVE-2017-7338.json | 120 +++++------ 2017/7xxx/CVE-2017-7595.json | 160 +++++++------- 2017/7xxx/CVE-2017-7613.json | 150 ++++++------- 2017/8xxx/CVE-2017-8007.json | 150 ++++++------- 2017/8xxx/CVE-2017-8298.json | 120 +++++------ 2017/8xxx/CVE-2017-8527.json | 140 ++++++------ 2017/8xxx/CVE-2017-8624.json | 142 ++++++------ 2018/10xxx/CVE-2018-10014.json | 34 +-- 2018/10xxx/CVE-2018-10630.json | 132 ++++++------ 2018/10xxx/CVE-2018-10841.json | 170 +++++++-------- 2018/10xxx/CVE-2018-10948.json | 34 +-- 2018/12xxx/CVE-2018-12221.json | 122 +++++------ 2018/12xxx/CVE-2018-12230.json | 120 +++++------ 2018/12xxx/CVE-2018-12918.json | 120 +++++------ 2018/13xxx/CVE-2018-13588.json | 130 +++++------ 2018/13xxx/CVE-2018-13769.json | 130 +++++------ 2018/17xxx/CVE-2018-17127.json | 120 +++++------ 2018/17xxx/CVE-2018-17160.json | 130 +++++------ 2018/17xxx/CVE-2018-17369.json | 120 +++++------ 2018/17xxx/CVE-2018-17452.json | 34 +-- 2018/17xxx/CVE-2018-17840.json | 34 +-- 2018/9xxx/CVE-2018-9748.json | 34 +-- 55 files changed, 3730 insertions(+), 3730 deletions(-) diff --git a/2003/0xxx/CVE-2003-0116.json b/2003/0xxx/CVE-2003-0116.json index efae84fe1c5..6dfa2da56ba 100644 --- a/2003/0xxx/CVE-2003-0116.json +++ b/2003/0xxx/CVE-2003-0116.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021203 Poisonous Style for Dialog window turns the zone off.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/301945" - }, - { - "name" : "MS03-015", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" - }, - { - "name" : "VU#244729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/244729" - }, - { - "name" : "6306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6306" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021203 Poisonous Style for Dialog window turns the zone off.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/301945" + }, + { + "name": "VU#244729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/244729" + }, + { + "name": "MS03-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015" + }, + { + "name": "6306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6306" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0156.json b/2003/0xxx/CVE-2003-0156.json index 04bcd0edaca..eab781a3bfa 100644 --- a/2003/0xxx/CVE-2003-0156.json +++ b/2003/0xxx/CVE-2003-0156.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030311 Cross-Referencing Linux vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104739747222492&w=2" - }, - { - "name" : "DSA-264", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-264" - }, - { - "name" : "7062", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-264", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-264" + }, + { + "name": "7062", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7062" + }, + { + "name": "20030311 Cross-Referencing Linux vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104739747222492&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0560.json b/2003/0xxx/CVE-2003-0560.json index 5f4381ecc93..e805001cfcf 100644 --- a/2003/0xxx/CVE-2003-0560.json +++ b/2003/0xxx/CVE-2003-0560.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0560", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0560", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030704 VPASP SQL Injection Vulnerability & Exploit CODE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105733277731084&w=2" - }, - { - "name" : "8159", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8159", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8159" + }, + { + "name": "20030704 VPASP SQL Injection Vulnerability & Exploit CODE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105733277731084&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0644.json b/2003/0xxx/CVE-2003-0644.json index c5efb48f781..b8ed5be444e 100644 --- a/2003/0xxx/CVE-2003-0644.json +++ b/2003/0xxx/CVE-2003-0644.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2", - "refsource" : "CONFIRM", - "url" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2" - }, - { - "name" : "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)", - "refsource" : "MLIST", - "url" : "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html" - }, - { - "name" : "RHSA-2005:416", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-416.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2", + "refsource": "CONFIRM", + "url": "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2" + }, + { + "name": "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)", + "refsource": "MLIST", + "url": "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html" + }, + { + "name": "RHSA-2005:416", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-416.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0830.json b/2003/0xxx/CVE-2003-0830.json index 6113605d44f..e28df3f94e7 100644 --- a/2003/0xxx/CVE-2003-0830.json +++ b/2003/0xxx/CVE-2003-0830.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0830", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0830", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-390", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-390", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-390" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1106.json b/2003/1xxx/CVE-2003-1106.json index c949f98f808..0da70aacdb4 100644 --- a/2003/1xxx/CVE-2003-1106.json +++ b/2003/1xxx/CVE-2003-1106.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "330716", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?kbid=330716" - }, - { - "name" : "VU#155252", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/155252" - }, - { - "name" : "8195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8195" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "330716", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?kbid=330716" + }, + { + "name": "VU#155252", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/155252" + }, + { + "name": "8195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8195" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1216.json b/2003/1xxx/CVE-2003-1216.json index c13f2364f60..854fadb2393 100644 --- a/2003/1xxx/CVE-2003-1216.json +++ b/2003/1xxx/CVE-2003-1216.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1216", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1216", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031127 phpBB 2.06 search.php SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106997132425576&w=2" - }, - { - "name" : "20031128 [Hat-Squad] phpBB search_id injection exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107005608726609&w=2" - }, - { - "name" : "20031220 phpBB v2.06 search_id sql injection exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107196735102970&w=2" - }, - { - "name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818", - "refsource" : "CONFIRM", - "url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" - }, - { - "name" : "9122", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9122" - }, - { - "name" : "phpbb-searchphp-sql-injection(13867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818", + "refsource": "CONFIRM", + "url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818" + }, + { + "name": "phpbb-searchphp-sql-injection(13867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867" + }, + { + "name": "20031220 phpBB v2.06 search_id sql injection exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107196735102970&w=2" + }, + { + "name": "9122", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9122" + }, + { + "name": "20031128 [Hat-Squad] phpBB search_id injection exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107005608726609&w=2" + }, + { + "name": "20031127 phpBB 2.06 search.php SQL injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106997132425576&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1322.json b/2003/1xxx/CVE-2003-1322.json index be7c290aa78..941416cd928 100644 --- a/2003/1xxx/CVE-2003-1322.json +++ b/2003/1xxx/CVE-2003-1322.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/324136" - }, - { - "name" : "7842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7842" - }, - { - "name" : "mercur-multiple-bo(12203)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/12203.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mercur-multiple-bo(12203)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/12203.php" + }, + { + "name": "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/324136" + }, + { + "name": "7842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7842" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0148.json b/2004/0xxx/CVE-2004-0148.json index 62f4845fda5..757ab06c5f6 100644 --- a/2004/0xxx/CVE-2004-0148.json +++ b/2004/0xxx/CVE-2004-0148.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-457", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-457" - }, - { - "name" : "SSRT4704", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=108999466902690&w=2" - }, - { - "name" : "RHSA-2004:096", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-096.html" - }, - { - "name" : "9832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9832" - }, - { - "name" : "ADV-2006-1867", - "refsource" : "FRSIRT", - "url" : "http://www.frsirt.com/english/advisories/2006/1867" - }, - { - "name" : "oval:org.mitre.oval:def:1147", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147" - }, - { - "name" : "oval:org.mitre.oval:def:1636", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636" - }, - { - "name" : "oval:org.mitre.oval:def:1637", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637" - }, - { - "name" : "oval:org.mitre.oval:def:648", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648" - }, - { - "name" : "11055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11055" - }, - { - "name" : "20168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/20168" - }, - { - "name" : "102356", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1" - }, - { - "name" : "wuftpd-restrictedgid-gain-access(15423)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wuftpd-restrictedgid-gain-access(15423)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423" + }, + { + "name": "oval:org.mitre.oval:def:1637", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637" + }, + { + "name": "102356", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1" + }, + { + "name": "DSA-457", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-457" + }, + { + "name": "oval:org.mitre.oval:def:1147", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147" + }, + { + "name": "11055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11055" + }, + { + "name": "20168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/20168" + }, + { + "name": "SSRT4704", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108999466902690&w=2" + }, + { + "name": "9832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9832" + }, + { + "name": "oval:org.mitre.oval:def:648", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648" + }, + { + "name": "RHSA-2004:096", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-096.html" + }, + { + "name": "oval:org.mitre.oval:def:1636", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636" + }, + { + "name": "ADV-2006-1867", + "refsource": "FRSIRT", + "url": "http://www.frsirt.com/english/advisories/2006/1867" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0439.json b/2004/0xxx/CVE-2004-0439.json index 871ab43ccdf..18a7dd1f25b 100644 --- a/2004/0xxx/CVE-2004-0439.json +++ b/2004/0xxx/CVE-2004-0439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0439", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0439", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0452.json b/2004/0xxx/CVE-2004-0452.json index 6b3a3014fb8..dfd32166f54 100644 --- a/2004/0xxx/CVE-2004-0452.json +++ b/2004/0xxx/CVE-2004-0452.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-620", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-620" - }, - { - "name" : "FLSA-2006:152845", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA--.shtml" - }, - { - "name" : "GLSA-200501-38", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml" - }, - { - "name" : "RHSA-2005:103", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-103.html" - }, - { - "name" : "RHSA-2005:105", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-105.html" - }, - { - "name" : "20060101-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" - }, - { - "name" : "USN-44-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-44-1/" - }, - { - "name" : "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110547693019788&w=2" - }, - { - "name" : "12072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12072" - }, - { - "name" : "oval:org.mitre.oval:def:9938", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938" - }, - { - "name" : "12991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12991" - }, - { - "name" : "18517", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18517" - }, - { - "name" : "55314", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55314" - }, - { - "name" : "perl-filepathrmtree-insecure-permissions(18650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:105", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-105.html" + }, + { + "name": "oval:org.mitre.oval:def:9938", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938" + }, + { + "name": "RHSA-2005:103", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-103.html" + }, + { + "name": "55314", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55314" + }, + { + "name": "DSA-620", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-620" + }, + { + "name": "20060101-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" + }, + { + "name": "FLSA-2006:152845", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA--.shtml" + }, + { + "name": "12991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12991" + }, + { + "name": "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110547693019788&w=2" + }, + { + "name": "USN-44-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-44-1/" + }, + { + "name": "GLSA-200501-38", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml" + }, + { + "name": "12072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12072" + }, + { + "name": "18517", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18517" + }, + { + "name": "perl-filepathrmtree-insecure-permissions(18650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0509.json b/2004/0xxx/CVE-2004-0509.json index 7435c867df4..548c9b15db9 100644 --- a/2004/0xxx/CVE-2004-0509.json +++ b/2004/0xxx/CVE-2004-0509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0509", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0684.json b/2004/0xxx/CVE-2004-0684.json index 4097017f0a7..aaa53ae293b 100644 --- a/2004/0xxx/CVE-2004-0684.json +++ b/2004/0xxx/CVE-2004-0684.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108938997528245&w=2" - }, - { - "name" : "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf", - "refsource" : "MISC", - "url" : "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf" - }, - { - "name" : "ibm-edge-caching-dos(16607)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-edge-caching-dos(16607)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607" + }, + { + "name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108938997528245&w=2" + }, + { + "name": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf", + "refsource": "MISC", + "url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2255.json b/2004/2xxx/CVE-2004-2255.json index 36184d67ad9..79f39636ba0 100644 --- a/2004/2xxx/CVE-2004-2255.json +++ b/2004/2xxx/CVE-2004-2255.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" - }, - { - "name" : "http://www.phpmyfaq.de/advisory_2004-05-18.php", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyfaq.de/advisory_2004-05-18.php" - }, - { - "name" : "10374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10374" - }, - { - "name" : "6300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6300" - }, - { - "name" : "1010190", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010190" - }, - { - "name" : "11640", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11640" - }, - { - "name" : "phpmyfaq-file-include(16177)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phpmyfaq.de/advisory_2004-05-18.php", + "refsource": "CONFIRM", + "url": "http://www.phpmyfaq.de/advisory_2004-05-18.php" + }, + { + "name": "10374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10374" + }, + { + "name": "1010190", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010190" + }, + { + "name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html" + }, + { + "name": "phpmyfaq-file-include(16177)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177" + }, + { + "name": "6300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6300" + }, + { + "name": "11640", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11640" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2286.json b/2004/2xxx/CVE-2004-2286.json index 84b1cd9224b..a11257cec43 100644 --- a/2004/2xxx/CVE-2004-2286.json +++ b/2004/2xxx/CVE-2004-2286.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html" - }, - { - "name" : "10380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10380" - }, - { - "name" : "perl-duplication-bo(16224)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "perl-duplication-bo(16224)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224" + }, + { + "name": "10380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10380" + }, + { + "name": "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2581.json b/2004/2xxx/CVE-2004-2581.json index d9fca1e1ab6..8d02864df7e 100644 --- a/2004/2xxx/CVE-2004-2581.json +++ b/2004/2xxx/CVE-2004-2581.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a \"specific string.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm" - }, - { - "name" : "11061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11061" - }, - { - "name" : "9268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9268" - }, - { - "name" : "1011074", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011074" - }, - { - "name" : "12366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12366" - }, - { - "name" : "ichain-dos(17134)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a \"specific string.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9268" + }, + { + "name": "1011074", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011074" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm" + }, + { + "name": "ichain-dos(17134)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17134" + }, + { + "name": "11061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11061" + }, + { + "name": "12366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12366" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2618.json b/2008/2xxx/CVE-2008-2618.json index 3ef8c1d488e..f7d255e083c 100644 --- a/2008/2xxx/CVE-2008-2618.json +++ b/2008/2xxx/CVE-2008-2618.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020497" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-peopletools-privilege-escalation(43820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "oracle-peopletools-privilege-escalation(43820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43820" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "1020497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020497" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2760.json b/2008/2xxx/CVE-2008-2760.json index e3870c8d80b..807778768de 100644 --- a/2008/2xxx/CVE-2008-2760.json +++ b/2008/2xxx/CVE-2008-2760.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "30641", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30641" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3950" - }, - { - "name" : "absolutebanner-searchbanners-sql-injection(43046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30641", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30641" + }, + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "absolutebanner-searchbanners-sql-injection(43046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43046" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2895.json b/2008/2xxx/CVE-2008-2895.json index 5a55f83eab2..d719ab98848 100644 --- a/2008/2xxx/CVE-2008-2895.json +++ b/2008/2xxx/CVE-2008-2895.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5884", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5884" - }, - { - "name" : "29860", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29860" - }, - { - "name" : "30800", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30800" - }, - { - "name" : "aproxengine-index-file-include(43245)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43245" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5884", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5884" + }, + { + "name": "29860", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29860" + }, + { + "name": "30800", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30800" + }, + { + "name": "aproxengine-index-file-include(43245)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43245" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0666.json b/2012/0xxx/CVE-2012-0666.json index 681183e50e6..f90076663db 100644 --- a/2012/0xxx/CVE-2012-0666.json +++ b/2012/0xxx/CVE-2012-0666.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0666", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0666", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5261", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5261" - }, - { - "name" : "APPLE-SA-2012-05-15-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" - }, - { - "name" : "53577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53577" - }, - { - "name" : "oval:org.mitre.oval:def:16123", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16123" - }, - { - "name" : "1027065", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027065" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027065", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027065" + }, + { + "name": "http://support.apple.com/kb/HT5261", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5261" + }, + { + "name": "oval:org.mitre.oval:def:16123", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16123" + }, + { + "name": "APPLE-SA-2012-05-15-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" + }, + { + "name": "53577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53577" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1379.json b/2012/1xxx/CVE-2012-1379.json index fad3a5951c8..7b4ca356347 100644 --- a/2012/1xxx/CVE-2012-1379.json +++ b/2012/1xxx/CVE-2012-1379.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1433.json b/2012/1xxx/CVE-2012-1433.json index 756c47baa7d..df169878a35 100644 --- a/2012/1xxx/CVE-2012-1433.json +++ b/2012/1xxx/CVE-2012-1433.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522005" - }, - { - "name" : "http://www.ieee-security.org/TC/SP2012/program.html", - "refsource" : "MISC", - "url" : "http://www.ieee-security.org/TC/SP2012/program.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522005" + }, + { + "name": "http://www.ieee-security.org/TC/SP2012/program.html", + "refsource": "MISC", + "url": "http://www.ieee-security.org/TC/SP2012/program.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1878.json b/2012/1xxx/CVE-2012-1878.json index 0869db283e6..88440776928 100644 --- a/2012/1xxx/CVE-2012-1878.json +++ b/2012/1xxx/CVE-2012-1878.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnBeforeDeactivate Event Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15632", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnBeforeDeactivate Event Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "MS12-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" + }, + { + "name": "oval:org.mitre.oval:def:15632", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5020.json b/2012/5xxx/CVE-2012-5020.json index ce717169ef5..c0981342390 100644 --- a/2012/5xxx/CVE-2012-5020.json +++ b/2012/5xxx/CVE-2012-5020.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5020", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5020", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5146.json b/2012/5xxx/CVE-2012-5146.json index e6c2af2496a..5bc17d5e939 100644 --- a/2012/5xxx/CVE-2012-5146.json +++ b/2012/5xxx/CVE-2012-5146.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5146", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=165622", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=165622" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16372", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=165622", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=165622" + }, + { + "name": "oval:org.mitre.oval:def:16372", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16372" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5300.json b/2012/5xxx/CVE-2012-5300.json index 8935cb61e77..782efc1b36c 100644 --- a/2012/5xxx/CVE-2012-5300.json +++ b/2012/5xxx/CVE-2012-5300.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18306", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18306" - }, - { - "name" : "http://1337day.com/exploits/17328", - "refsource" : "MISC", - "url" : "http://1337day.com/exploits/17328" - }, - { - "name" : "51243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51243" - }, - { - "name" : "tiendavirtual-artcatalogo-sql-injection(72108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51243" + }, + { + "name": "18306", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18306" + }, + { + "name": "tiendavirtual-artcatalogo-sql-injection(72108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72108" + }, + { + "name": "http://1337day.com/exploits/17328", + "refsource": "MISC", + "url": "http://1337day.com/exploits/17328" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5611.json b/2012/5xxx/CVE-2012-5611.json index 25d918f7a7b..00445cfcacd 100644 --- a/2012/5xxx/CVE-2012-5611.json +++ b/2012/5xxx/CVE-2012-5611.json @@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "23075", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/23075" - }, - { - "name" : "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Dec/4" - }, - { - "name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/02/3" - }, - { - "name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/02/4" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "https://kb.askmonty.org/en/mariadb-5166-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://kb.askmonty.org/en/mariadb-5166-release-notes/" - }, - { - "name" : "https://kb.askmonty.org/en/mariadb-5213-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://kb.askmonty.org/en/mariadb-5213-release-notes/" - }, - { - "name" : "https://kb.askmonty.org/en/mariadb-5311-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://kb.askmonty.org/en/mariadb-5311-release-notes/" - }, - { - "name" : "https://kb.askmonty.org/en/mariadb-5528a-release-notes/", - "refsource" : "CONFIRM", - "url" : "https://kb.askmonty.org/en/mariadb-5528a-release-notes/" - }, - { - "name" : "DSA-2581", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2581" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MDVSA-2013:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" - }, - { - "name" : "RHSA-2012:1551", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1551.html" - }, - { - "name" : "RHSA-2013:0180", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0180.html" - }, - { - "name" : "openSUSE-SU-2013:0013", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html" - }, - { - "name" : "openSUSE-SU-2013:0011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html" - }, - { - "name" : "openSUSE-SU-2013:0014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:0135", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html" - }, - { - "name" : "openSUSE-SU-2013:0156", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html" - }, - { - "name" : "SUSE-SU-2013:0262", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html" - }, - { - "name" : "openSUSE-SU-2013:1412", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html" - }, - { - "name" : "USN-1658-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1658-1" - }, - { - "name" : "USN-1703-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1703-1" - }, - { - "name" : "oval:org.mitre.oval:def:16395", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395" - }, - { - "name" : "51443", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51443" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/", + "refsource": "CONFIRM", + "url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/" + }, + { + "name": "openSUSE-SU-2013:0013", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html" + }, + { + "name": "23075", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/23075" + }, + { + "name": "USN-1703-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1703-1" + }, + { + "name": "MDVSA-2013:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" + }, + { + "name": "openSUSE-SU-2013:0156", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "openSUSE-SU-2013:0135", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html" + }, + { + "name": "openSUSE-SU-2013:0011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3" + }, + { + "name": "https://kb.askmonty.org/en/mariadb-5166-release-notes/", + "refsource": "CONFIRM", + "url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/" + }, + { + "name": "RHSA-2013:0180", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html" + }, + { + "name": "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Dec/4" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4" + }, + { + "name": "RHSA-2012:1551", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html" + }, + { + "name": "DSA-2581", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2581" + }, + { + "name": "SUSE-SU-2013:0262", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html" + }, + { + "name": "openSUSE-SU-2013:0014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html" + }, + { + "name": "51443", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51443" + }, + { + "name": "openSUSE-SU-2013:1412", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html" + }, + { + "name": "https://kb.askmonty.org/en/mariadb-5311-release-notes/", + "refsource": "CONFIRM", + "url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/" + }, + { + "name": "oval:org.mitre.oval:def:16395", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395" + }, + { + "name": "USN-1658-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1658-1" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "https://kb.askmonty.org/en/mariadb-5213-release-notes/", + "refsource": "CONFIRM", + "url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5624.json b/2012/5xxx/CVE-2012-5624.json index 277d5677cbb..4b2c929853e 100644 --- a/2012/5xxx/CVE-2012-5624.json +++ b/2012/5xxx/CVE-2012-5624.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", - "refsource" : "MLIST", - "url" : "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" - }, - { - "name" : "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/04/8" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883415", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883415" - }, - { - "name" : "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", - "refsource" : "CONFIRM", - "url" : "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" - }, - { - "name" : "https://codereview.qt-project.org/#change,40034", - "refsource" : "CONFIRM", - "url" : "https://codereview.qt-project.org/#change,40034" - }, - { - "name" : "openSUSE-SU-2013:0143", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" - }, - { - "name" : "openSUSE-SU-2013:0154", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" - }, - { - "name" : "openSUSE-SU-2013:0157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" - }, - { - "name" : "USN-1723-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1723-1" - }, - { - "name" : "52217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0157", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" + }, + { + "name": "USN-1723-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1723-1" + }, + { + "name": "52217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52217" + }, + { + "name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71", + "refsource": "CONFIRM", + "url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71" + }, + { + "name": "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/04/8" + }, + { + "name": "https://codereview.qt-project.org/#change,40034", + "refsource": "CONFIRM", + "url": "https://codereview.qt-project.org/#change,40034" + }, + { + "name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection", + "refsource": "MLIST", + "url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html" + }, + { + "name": "openSUSE-SU-2013:0154", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html" + }, + { + "name": "openSUSE-SU-2013:0143", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5882.json b/2012/5xxx/CVE-2012-5882.json index b946c4a7fa1..462a8fb39cf 100644 --- a/2012/5xxx/CVE-2012-5882.json +++ b/2012/5xxx/CVE-2012-5882.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://yuilibrary.com/support/20121030-vulnerability/", - "refsource" : "CONFIRM", - "url" : "http://yuilibrary.com/support/20121030-vulnerability/" - }, - { - "name" : "56385", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" + }, + { + "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" + }, + { + "name": "56385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56385" + }, + { + "name": "http://yuilibrary.com/support/20121030-vulnerability/", + "refsource": "CONFIRM", + "url": "http://yuilibrary.com/support/20121030-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3483.json b/2017/3xxx/CVE-2017-3483.json index a6601b2f784..36b4ac880a9 100644 --- a/2017/3xxx/CVE-2017-3483.json +++ b/2017/3xxx/CVE-2017-3483.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Enterprise Limits and Collateral Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Enterprise Limits and Collateral Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97846" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97846" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3514.json b/2017/3xxx/CVE-2017-3514.json index d30332f9007..43182eae3cd 100644 --- a/2017/3xxx/CVE-2017-3514.json +++ b/2017/3xxx/CVE-2017-3514.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "Java SE: 6u141" - }, - { - "version_affected" : "=", - "version_value" : "7u131" - }, - { - "version_affected" : "=", - "version_value" : "8u121" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Java SE: 6u141" + }, + { + "version_affected": "=", + "version_value": "7u131" + }, + { + "version_affected": "=", + "version_value": "8u121" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "GLSA-201705-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201705-03" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" - }, - { - "name" : "97729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97729" - }, - { - "name" : "1038286", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201705-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201705-03" + }, + { + "name": "97729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97729" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038286", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038286" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3823.json b/2017/3xxx/CVE-2017-3823.json index 6445cc356c1..bb1b9b0dc56 100644 --- a/2017/3xxx/CVE-2017-3823.json +++ b/2017/3xxx/CVE-2017-3823.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3823", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx browser extensions", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx browser extensions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3823", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx browser extensions", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx browser extensions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096" - }, - { - "name" : "https://blog.filippo.io/webex-extension-vulnerability/", - "refsource" : "MISC", - "url" : "https://blog.filippo.io/webex-extension-vulnerability/" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex" - }, - { - "name" : "VU#909240", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/909240" - }, - { - "name" : "95737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95737" - }, - { - "name" : "1037680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096" + }, + { + "name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html" + }, + { + "name": "VU#909240", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/909240" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex" + }, + { + "name": "https://blog.filippo.io/webex-extension-vulnerability/", + "refsource": "MISC", + "url": "https://blog.filippo.io/webex-extension-vulnerability/" + }, + { + "name": "95737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95737" + }, + { + "name": "1037680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037680" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7313.json b/2017/7xxx/CVE-2017-7313.json index 13b58370bdf..157721029a9 100644 --- a/2017/7xxx/CVE-2017-7313.json +++ b/2017/7xxx/CVE-2017-7313.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/", - "refsource" : "MISC", - "url" : "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/", + "refsource": "MISC", + "url": "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7338.json b/2017/7xxx/CVE-2017-7338.json index f56c0a529c6..01ed454ba39 100644 --- a/2017/7xxx/CVE-2017-7338.json +++ b/2017/7xxx/CVE-2017-7338.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-7338", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiPortal", - "version" : { - "version_data" : [ - { - "version_value" : "FortiPortal versions 4.0.0 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-7338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal versions 4.0.0 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-114", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7595.json b/2017/7xxx/CVE-2017-7595.json index a91b97a6076..c1ae64fa0f9 100644 --- a/2017/7xxx/CVE-2017-7595.json +++ b/2017/7xxx/CVE-2017-7595.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c" - }, - { - "name" : "DSA-3844", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3844" - }, - { - "name" : "GLSA-201709-27", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-27" - }, - { - "name" : "USN-3602-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3602-1/" - }, - { - "name" : "97501", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3844", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3844" + }, + { + "name": "GLSA-201709-27", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-27" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c" + }, + { + "name": "USN-3602-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3602-1/" + }, + { + "name": "97501", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97501" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7613.json b/2017/7xxx/CVE-2017-7613.json index 8eb7ebbad74..7eccb251208 100644 --- a/2017/7xxx/CVE-2017-7613.json +++ b/2017/7xxx/CVE-2017-7613.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c" - }, - { - "name" : "GLSA-201710-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-10" - }, - { - "name" : "USN-3670-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3670-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3670-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3670-1/" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c" + }, + { + "name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" + }, + { + "name": "GLSA-201710-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-10" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8007.json b/2017/8xxx/CVE-2017-8007.json index 96e5832e26d..9c98f6b27ae 100644 --- a/2017/8xxx/CVE-2017-8007.json +++ b/2017/8xxx/CVE-2017-8007.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", - "version" : { - "version_data" : [ - { - "version_value" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs", + "version": { + "version_data": [ + { + "version_value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Sep/51", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/51" - }, - { - "name" : "100957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100957" - }, - { - "name" : "1039417", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039417" - }, - { - "name" : "1039418", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039418" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100957" + }, + { + "name": "1039418", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039418" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Sep/51", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Sep/51" + }, + { + "name": "1039417", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039417" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8298.json b/2017/8xxx/CVE-2017-8298.json index b10cce10665..8882b8d82ac 100644 --- a/2017/8xxx/CVE-2017-8298.json +++ b/2017/8xxx/CVE-2017-8298.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a \"Posts > Add New\" action, and during creation of new tags and users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cnvs/canvas/issues/331", - "refsource" : "CONFIRM", - "url" : "https://github.com/cnvs/canvas/issues/331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a \"Posts > Add New\" action, and during creation of new tags and users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cnvs/canvas/issues/331", + "refsource": "CONFIRM", + "url": "https://github.com/cnvs/canvas/issues/331" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8527.json b/2017/8xxx/CVE-2017-8527.json index de26ca55185..e04263013d1 100644 --- a/2017/8xxx/CVE-2017-8527.json +++ b/2017/8xxx/CVE-2017-8527.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8527", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Graphics", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8527", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Graphics", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527" - }, - { - "name" : "98933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98933" - }, - { - "name" : "1038680", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038680" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038680", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038680" + }, + { + "name": "98933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98933" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8624.json b/2017/8xxx/CVE-2017-8624.json index f3b21010acb..67f7a46094b 100644 --- a/2017/8xxx/CVE-2017-8624.json +++ b/2017/8xxx/CVE-2017-8624.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8624", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Common Log File System Driver", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Common Log File System Driver", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624" - }, - { - "name" : "100061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100061" - }, - { - "name" : "1039106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039106" + }, + { + "name": "100061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100061" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10014.json b/2018/10xxx/CVE-2018-10014.json index 2e54de5df95..b938ef1a48d 100644 --- a/2018/10xxx/CVE-2018-10014.json +++ b/2018/10xxx/CVE-2018-10014.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10014", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10014", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10630.json b/2018/10xxx/CVE-2018-10630.json index a39d41cda07..edce8a4aea7 100644 --- a/2018/10xxx/CVE-2018-10630.json +++ b/2018/10xxx/CVE-2018-10630.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-09T00:00:00", - "ID" : "CVE-2018-10630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001", - "version" : { - "version_data" : [ - { - "version_value" : "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-09T00:00:00", + "ID": "CVE-2018-10630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001", + "version": { + "version_data": [ + { + "version_value": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01" - }, - { - "name" : "105051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105051" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10841.json b/2018/10xxx/CVE-2018-10841.json index 4acf7fa66ce..92edbe092ae 100644 --- a/2018/10xxx/CVE-2018-10841.json +++ b/2018/10xxx/CVE-2018-10841.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "all" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.6/CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-288" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "all" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841" - }, - { - "name" : "https://review.gluster.org/#/c/20328/", - "refsource" : "CONFIRM", - "url" : "https://review.gluster.org/#/c/20328/" - }, - { - "name" : "RHSA-2018:1954", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1954" - }, - { - "name" : "RHSA-2018:1955", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.6/CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841" + }, + { + "name": "RHSA-2018:1955", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1955" + }, + { + "name": "https://review.gluster.org/#/c/20328/", + "refsource": "CONFIRM", + "url": "https://review.gluster.org/#/c/20328/" + }, + { + "name": "RHSA-2018:1954", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1954" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10948.json b/2018/10xxx/CVE-2018-10948.json index af426c05ead..cc57c9eed22 100644 --- a/2018/10xxx/CVE-2018-10948.json +++ b/2018/10xxx/CVE-2018-10948.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12221.json b/2018/12xxx/CVE-2018-12221.json index 1cdbfc55982..c7034f17e03 100644 --- a/2018/12xxx/CVE-2018-12221.json +++ b/2018/12xxx/CVE-2018-12221.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Graphics Driver for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver for Windows", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12230.json b/2018/12xxx/CVE-2018-12230.json index 07b6eda61d2..b716148f9f0 100644 --- a/2018/12xxx/CVE-2018-12230.json +++ b/2018/12xxx/CVE-2018-12230.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing", - "refsource" : "MISC", - "url" : "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing", + "refsource": "MISC", + "url": "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12918.json b/2018/12xxx/CVE-2018-12918.json index b14b0ad2c7b..9c2afd24674 100644 --- a/2018/12xxx/CVE-2018-12918.json +++ b/2018/12xxx/CVE-2018-12918.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/121", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/121" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/121", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/121" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13588.json b/2018/13xxx/CVE-2018-13588.json index 7e41cd68a64..f038660d1e6 100644 --- a/2018/13xxx/CVE-2018-13588.json +++ b/2018/13xxx/CVE-2018-13588.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13588", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13769.json b/2018/13xxx/CVE-2018-13769.json index 1188b0352cc..82143ac5022 100644 --- a/2018/13xxx/CVE-2018-13769.json +++ b/2018/13xxx/CVE-2018-13769.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17127.json b/2018/17xxx/CVE-2018-17127.json index 259bebceb80..e9db58131eb 100644 --- a/2018/17xxx/CVE-2018-17127.json +++ b/2018/17xxx/CVE-2018-17127.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17160.json b/2018/17xxx/CVE-2018-17160.json index 04abbd4d938..bdc1c2547a4 100644 --- a/2018/17xxx/CVE-2018-17160.json +++ b/2018/17xxx/CVE-2018-17160.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secteam@freebsd.org", - "ID" : "CVE-2018-17160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreeBSD", - "version" : { - "version_data" : [ - { - "version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p6" - } - ] - } - } - ] - }, - "vendor_name" : "FreeBSD" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient bounds checking" - } + "CVE_data_meta": { + "ASSIGNER": "secteam@freebsd.org", + "ID": "CVE-2018-17160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FreeBSD", + "version": { + "version_data": [ + { + "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p6" + } + ] + } + } + ] + }, + "vendor_name": "FreeBSD" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-18:14", - "refsource" : "FREEBSD", - "url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc" - }, - { - "name" : "106210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient bounds checking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-18:14", + "refsource": "FREEBSD", + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc" + }, + { + "name": "106210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106210" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17369.json b/2018/17xxx/CVE-2018-17369.json index 6f907546f50..53388cae04e 100644 --- a/2018/17xxx/CVE-2018-17369.json +++ b/2018/17xxx/CVE-2018-17369.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/qzw1210/springboot_authority/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/qzw1210/springboot_authority/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/qzw1210/springboot_authority/issues/4", + "refsource": "MISC", + "url": "https://github.com/qzw1210/springboot_authority/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17452.json b/2018/17xxx/CVE-2018-17452.json index a8af0946748..d1801cf33aa 100644 --- a/2018/17xxx/CVE-2018-17452.json +++ b/2018/17xxx/CVE-2018-17452.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17452", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17452", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17840.json b/2018/17xxx/CVE-2018-17840.json index f8f98186d12..56293eb50ae 100644 --- a/2018/17xxx/CVE-2018-17840.json +++ b/2018/17xxx/CVE-2018-17840.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17840", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17840", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9748.json b/2018/9xxx/CVE-2018-9748.json index 6d9bf89a9e0..13651acd532 100644 --- a/2018/9xxx/CVE-2018-9748.json +++ b/2018/9xxx/CVE-2018-9748.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9748", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9748", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file