diff --git a/2003/1xxx/CVE-2003-1055.json b/2003/1xxx/CVE-2003-1055.json index 74cfe827297..3ce53fc02e0 100644 --- a/2003/1xxx/CVE-2003-1055.json +++ b/2003/1xxx/CVE-2003-1055.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "52222", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1" - }, - { - "name" : "ESB-2003.0461", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=3224" - }, - { - "name" : "N-113", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-113.shtml" - }, - { - "name" : "7064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7064" - }, - { - "name" : "1006401", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006401" - }, - { - "name" : "solaris-nssldapso1-bo(11641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "N-113", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-113.shtml" + }, + { + "name": "7064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7064" + }, + { + "name": "52222", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1" + }, + { + "name": "1006401", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006401" + }, + { + "name": "solaris-nssldapso1-bo(11641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11641" + }, + { + "name": "ESB-2003.0461", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=3224" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0139.json b/2004/0xxx/CVE-2004-0139.json index 1ebc86953d7..654e5a757ca 100644 --- a/2004/0xxx/CVE-2004-0139.json +++ b/2004/0xxx/CVE-2004-0139.json 
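Review bot: The `reference_data` array for CVE-2003-1055 comes back in a different order on the new side (the SUNALERT entry `52222` moves from first to third and the AUSCERT entry `ESB-2003.0461` from second to last), although the six entries themselves look unchanged, so a key-spacing reformat reads as a full rewrite of the record. For a vulnerability feed this makes it hard to confirm by eye that no `url` or `refsource` was altered. The generator should emit references in a stable order, for example sorted by `refsource` then `name`, and the commit is better checked by comparing the parsed JSON of both sides with the arrays sorted. The new side also ends with `\ No newline at end of file` where the old side had a trailing newline. The same reordering and missing newline appear in most of the other file sections here, e.g. CVE-2004-0139, CVE-2004-0320 and CVE-2004-1603.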
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which \"t_unbind changes t_bind's behavior,\" has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040905-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040905-01-P.asc" - }, - { - "name" : "12682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12682" - }, - { - "name" : "11276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11276" - }, - { - "name" : "irix-bsda-kernel(17547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 
through 6.5.25, and possibly earlier versions, in which \"t_unbind changes t_bind's behavior,\" has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "irix-bsda-kernel(17547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17547" + }, + { + "name": "20040905-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040905-01-P.asc" + }, + { + "name": "12682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12682" + }, + { + "name": "11276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11276" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0320.json b/2004/0xxx/CVE-2004-0320.json index 89266ce1313..13a07c6b4db 100644 --- a/2004/0xxx/CVE-2004-0320.json +++ b/2004/0xxx/CVE-2004-0320.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0320", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0320", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040223 nCipher Advisory #9: Host-side attackers can access secret data", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107755899018249&w=2" - }, - { - "name" : "ncipher-hsm-obtain-info(15281)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15281" - }, - { - "name" : "9717", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9717" - }, - { - "name" : "4055", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in nCipher Hardware Security 
Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ncipher-hsm-obtain-info(15281)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15281" + }, + { + "name": "9717", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9717" + }, + { + "name": "4055", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4055" + }, + { + "name": "20040223 nCipher Advisory #9: Host-side attackers can access secret data", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107755899018249&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0647.json b/2004/0xxx/CVE-2004-0647.json index bf478e48445..af1c918e2de 100644 --- a/2004/0xxx/CVE-2004-0647.json +++ b/2004/0xxx/CVE-2004-0647.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Shorewall-announce] 20040628 URGENT: Shorewall Security Vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html" - }, - { - "name" : "GLSA-200407-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-07.xml" - }, - { - "name" : "MDKSA-2004:080", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:080" - }, - { - "name" : "shorewall-symlink(16651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shorewall-symlink(16651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16651" + }, + { + "name": "[Shorewall-announce] 20040628 URGENT: Shorewall Security Vulnerability", + "refsource": "MLIST", + "url": "http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html" + }, + { + "name": "MDKSA-2004:080", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:080" + }, + { + "name": "GLSA-200407-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-07.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0735.json b/2004/0xxx/CVE-2004-0735.json index eaec365b98f..dbce8100eae 100644 --- a/2004/0xxx/CVE-2004-0735.json +++ b/2004/0xxx/CVE-2004-0735.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040717 Medal of Honor remote buffer-overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109008314631518&w=2" - }, - { - "name" : "10743", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10743" - }, - { - "name" : "medalofhonor-packet-bo(16715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Medal of Honor 
(1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040717 Medal of Honor remote buffer-overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109008314631518&w=2" + }, + { + "name": "10743", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10743" + }, + { + "name": "medalofhonor-packet-bo(16715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16715" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1115.json b/2004/1xxx/CVE-2004-1115.json index 7e6e73b372b..e420f2a2214 100644 --- a/2004/1xxx/CVE-2004-1115.json +++ b/2004/1xxx/CVE-2004-1115.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200411-26", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml" - }, - { - "name" : "seti@home-gain-privileges(18149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200411-26", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml" + }, + { + "name": "seti@home-gain-privileges(18149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1597.json b/2004/1xxx/CVE-2004-1597.json index 732a7d71b84..69773182eaf 100644 --- a/2004/1xxx/CVE-2004-1597.json +++ b/2004/1xxx/CVE-2004-1597.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041013 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109769022430842&w=2" - }, - { - "name" : "20041014 [HV-MED] UPDATE: RIM Blackberry DoS, data loss", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109778267829493&w=2" - }, - { - "name" : "20041012 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027487.html" - }, - { - "name" : "http://www.hexview.com/docs/20041012-1.txt", - "refsource" : "MISC", - "url" : 
"http://www.hexview.com/docs/20041012-1.txt" - }, - { - "name" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_%20Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0", - "refsource" : "CONFIRM", - "url" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_%20Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0" - }, - { - "name" : "11389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11389" - }, - { - "name" : "12814", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12814" - }, - { - "name" : "blackberry-calendar-bo(17700)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17700" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041012 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027487.html" + }, + { + "name": "12814", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12814" + }, + { + "name": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_%20Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0", + "refsource": "CONFIRM", + "url": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/7925/8142/Known_%20Issues_-_HexView_advisory_on_BlackBerry_buffer_overflow,_DoS,_and_data_loss.html?nodeid=737173&vernum=0" + }, + { + "name": "20041014 [HV-MED] UPDATE: RIM Blackberry DoS, data loss", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109778267829493&w=2" + }, + { + "name": "http://www.hexview.com/docs/20041012-1.txt", + "refsource": "MISC", + "url": "http://www.hexview.com/docs/20041012-1.txt" + }, + { + "name": "20041013 [HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109769022430842&w=2" + }, + { + "name": "11389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11389" + }, + { + "name": "blackberry-calendar-bo(17700)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17700" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1603.json b/2004/1xxx/CVE-2004-1603.json index 1558b1b68a4..a58e705b999 100644 --- a/2004/1xxx/CVE-2004-1603.json +++ b/2004/1xxx/CVE-2004-1603.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041018 cPanel hardlink backup issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109811572123753&w=2" - }, - { - "name" : "20041018 cPanel hardlink chown issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109811654104208&w=2" - }, - { - "name" : "11449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11449" - }, - { - "name" : "11455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11455" - }, - { - "name" : "12865", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12865" - }, - { - "name" : "cpanel-backup-view-file(17779)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" - }, - { - "name" : "cpanel-htaccess-modify-ownership(17780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cpanel-htaccess-modify-ownership(17780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" + }, + { + "name": "20041018 cPanel hardlink backup issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109811572123753&w=2" + }, + { + "name": "cpanel-backup-view-file(17779)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" + }, + { + "name": "20041018 cPanel hardlink chown issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109811654104208&w=2" + }, + { + "name": "11455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11455" + }, + { + "name": "12865", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12865" + }, + { + "name": "11449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11449" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1690.json b/2004/1xxx/CVE-2004-1690.json index 4d28a20ea7d..17f593174ef 100644 --- a/2004/1xxx/CVE-2004-1690.json +++ b/2004/1xxx/CVE-2004-1690.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1690", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040918 RhinoSoft DNS4ME HTTP Server Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109552436811493&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00049-09162004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00049-09162004" - }, - { - "name" : "11213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11213" - }, - { - "name" : "1011334", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011334" - }, - { - "name" : "12595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12595" - }, - { - "name" : "dns4me-xss(17425)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dns4me-xss(17425)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17425" + }, + { + "name": "12595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12595" + }, + { + "name": "11213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11213" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00049-09162004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00049-09162004" + }, + { + "name": "1011334", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011334" + }, + { + "name": "20040918 RhinoSoft DNS4ME HTTP Server Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109552436811493&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2298.json b/2004/2xxx/CVE-2004-2298.json index 26e60d1f577..42db2439ca8 100644 --- a/2004/2xxx/CVE-2004-2298.json +++ b/2004/2xxx/CVE-2004-2298.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm" - }, - { - "name" : "12234", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12234" - }, - { - "name" : "13377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13377" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is 
installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13377" + }, + { + "name": "12234", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12234" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10095545.htm" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2643.json b/2004/2xxx/CVE-2004-2643.json index 59049e6ec69..cbec5c97ebf 100644 --- a/2004/2xxx/CVE-2004-2643.json +++ b/2004/2xxx/CVE-2004-2643.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via \"../\" sequences in file names in a CAB archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041012 Microsoft cabarc directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109759710121018&w=2" - }, - { - "name" : "20041012 Microsoft cabarc directory traversal", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0341.html" - }, - { - "name" : "http://packetstormsecurity.org/0410-exploits/cabarc.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0410-exploits/cabarc.txt" - }, - { - "name" : "11376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11376" - }, - { - "name" : "10714", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10714" - }, - { - "name" : "1011626", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1011626" - }, - { - "name" : "12816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12816" - }, - { - "name" : "cabarc-dotdot-directory-traversal(17693)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via \"../\" sequences in file names in a CAB archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011626", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011626" + }, + { + "name": "11376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11376" + }, + { + "name": "10714", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10714" + }, + { + "name": "20041012 Microsoft cabarc directory traversal", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0341.html" + }, + { + "name": "12816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12816" + }, + { + "name": "cabarc-dotdot-directory-traversal(17693)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17693" + }, + { + "name": "20041012 Microsoft cabarc directory traversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109759710121018&w=2" + }, + { + "name": "http://packetstormsecurity.org/0410-exploits/cabarc.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0410-exploits/cabarc.txt" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/2xxx/CVE-2008-2335.json b/2008/2xxx/CVE-2008-2335.json index 145df0f1347..17252352b64 100644 --- a/2008/2xxx/CVE-2008-2335.json +++ b/2008/2xxx/CVE-2008-2335.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "27519", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/27519" - }, - { - "name" : "20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2015/Mar/59" - }, - { - "name" : "6422", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6422" - }, - { - "name" : "http://holisticinfosec.org/content/view/65/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/65/45/" - }, - { - "name" : 
"http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html" - }, - { - "name" : "http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html" - }, - { - "name" : "http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/", - "refsource" : "MISC", - "url" : "http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/" - }, - { - "name" : "29238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29238" - }, - { - "name" : "45171", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/45171" - }, - { - "name" : "30152", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30152" - }, - { - "name" : "ADV-2008-2552", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2552" - }, - { - "name" : "phpvid-query-xss(42450)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpvid-query-xss(42450)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42450" + }, + { + "name": "27519", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/27519" + }, + { + "name": "ADV-2008-2552", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2552" + }, + { + "name": "http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/", + "refsource": "MISC", + "url": "http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/" + }, + { + "name": "30152", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30152" + }, + { + "name": "http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html" + }, + { + "name": "20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2015/Mar/59" + }, + { + "name": "29238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29238" + }, + { + "name": "6422", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6422" + }, + { + "name": "http://holisticinfosec.org/content/view/65/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/65/45/" + }, + { + "name": "45171", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/45171" + }, + { + "name": "http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html", + "refsource": "MISC", 
+ "url": "http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2517.json b/2008/2xxx/CVE-2008-2517.json index 9b619259591..159847a54f0 100644 --- a/2008/2xxx/CVE-2008-2517.json +++ b/2008/2xxx/CVE-2008-2517.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36", - "refsource" : "CONFIRM", - "url" : "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36" - }, - { - "name" : "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log", - "refsource" : "CONFIRM", - "url" : "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804" - }, - { - "name" : "29364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29364" - }, - { - "name" : 
"ADV-2008-1659", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1659/references" - }, - { - "name" : "30394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30394" - }, - { - "name" : "sarab-ciphers-information-disclosure(42621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sarab.sh script in SaraB before 0.2.4 places the dar program's encryption key on the command line, which allows local users to obtain sensitive information by listing the process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sarab-ciphers-information-disclosure(42621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42621" + }, + { + "name": "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36", + "refsource": "CONFIRM", + "url": "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?r1=34&r2=36" + }, + { + "name": "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log", + "refsource": "CONFIRM", + "url": "http://sarab.svn.sourceforge.net/viewvc/sarab/sarab/sarab.sh?view=log" + }, + { + "name": "ADV-2008-1659", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1659/references" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=601603&group_id=91804" + }, + { + "name": "29364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29364" + }, + { + "name": "30394", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/30394" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2799.json b/2008/2xxx/CVE-2008-2799.json index 48ee2755433..53830bfa7ef 100644 --- a/2008/2xxx/CVE-2008-2799.json +++ b/2008/2xxx/CVE-2008-2799.json 
@@ -1,332 +1,332 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0216-1 firefox", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" - }, - { - "name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" - }, - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-21.html" - }, - { - "name" : 
"https://bugzilla.mozilla.org/show_bug.cgi?id=356378", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=356378" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380833", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380833" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418128", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418128" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431409", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431409" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2646", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2646" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" - }, - { - "name" : "DSA-1607", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1607" - }, - { - "name" : "DSA-1615", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1615" - }, - { - "name" : "DSA-1621", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1621" - }, - { - "name" : "DSA-1697", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1697" - }, - { - "name" : "FEDORA-2008-6127", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" - }, - { - "name" : "FEDORA-2008-6193", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" - }, - { - "name" : "FEDORA-2008-6196", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" - }, - { - "name" : "FEDORA-2008-6706", - "refsource" : "FEDORA", - "url" : 
"https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" - }, - { - "name" : "FEDORA-2008-6737", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" - }, - { - "name" : "GLSA-200808-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" - }, - { - "name" : "MDVSA-2008:136", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" - }, - { - "name" : "MDVSA-2008:155", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" - }, - { - "name" : "RHSA-2008:0547", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" - }, - { - "name" : "RHSA-2008:0549", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" - }, - { - "name" : "RHSA-2008:0569", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" - }, - { - "name" : "RHSA-2008:0616", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" - }, - { - "name" : "SSA:2008-191-03", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" - }, - { - "name" : "SSA:2008-210-05", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" - }, - { - "name" : "SSA:2008-191", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" - }, - { - "name" : "SUSE-SA:2008:034", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" - }, - { - "name" : "USN-619-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-619-1" - }, - { - "name" : "USN-629-1", - 
"refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-629-1" - }, - { - "name" : "30038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30038" - }, - { - "name" : "oval:org.mitre.oval:def:10743", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10743" - }, - { - "name" : "31076", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31076" - }, - { - "name" : "ADV-2008-1993", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1993/references" - }, - { - "name" : "1020419", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020419" - }, - { - "name" : "30911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30911" - }, - { - "name" : "30915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30915" - }, - { - "name" : "30878", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30878" - }, - { - "name" : "30898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30898" - }, - { - "name" : "30903", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30903" - }, - { - "name" : "30949", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30949" - }, - { - "name" : "31005", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31005" - }, - { - "name" : "31008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31008" - }, - { - "name" : "31069", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31069" - }, - { - "name" : "31023", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31023" - }, - { - "name" : "31183", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31183" - }, - { - "name" : "31195", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31195" - }, - { - "name" : "31220", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/31220" - }, - { - "name" : "31253", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31253" - }, - { - "name" : "31377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31377" - }, - { - "name" : "31286", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31286" - }, - { - "name" : "31403", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31403" - }, - { - "name" : "31021", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31021" - }, - { - "name" : "33433", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SA:2008:034", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=380833", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380833" + }, + { + "name": "RHSA-2008:0549", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html" + }, + { + "name": "DSA-1697", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1697" + }, + { + "name": "31021", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31021" + }, + { + "name": "30898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30898" + }, + { + "name": "31403", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31403" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2646", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2646" + }, + { + "name": "30949", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30949" + }, + { + "name": "SSA:2008-191-03", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" + }, + { + "name": "31069", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31069" + }, + { + "name": "31008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31008" + }, + { + "name": "31377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31377" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=356378", + "refsource": 
"CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=356378" + }, + { + "name": "RHSA-2008:0616", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html" + }, + { + "name": "ADV-2008-1993", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1993/references" + }, + { + "name": "31023", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31023" + }, + { + "name": "MDVSA-2008:155", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" + }, + { + "name": "30038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30038" + }, + { + "name": "30915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30915" + }, + { + "name": "DSA-1607", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1607" + }, + { + "name": "GLSA-200808-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml" + }, + { + "name": "31005", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31005" + }, + { + "name": "33433", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33433" + }, + { + "name": "FEDORA-2008-6127", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" + }, + { + "name": "1020419", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020419" + }, + { + "name": "31253", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31253" + }, + { + "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" + }, + { + "name": "FEDORA-2008-6737", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" + }, + { + "name": "31183", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/31183" + }, + { + "name": "30903", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30903" + }, + { + "name": "RHSA-2008:0547", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html" + }, + { + "name": "FEDORA-2008-6193", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" + }, + { + "name": "USN-629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-629-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=431409", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=431409" + }, + { + "name": "SSA:2008-191", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" + }, + { + "name": "SSA:2008-210-05", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=418128", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=418128" + }, + { + "name": "DSA-1615", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1615" + }, + { + "name": "FEDORA-2008-6706", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" + }, + { + "name": "31220", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31220" + }, + { + "name": "31195", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31195" + }, + { + "name": "oval:org.mitre.oval:def:10743", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10743" + }, + { + "name": "31076", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31076" + }, + { + "name": 
"USN-619-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-619-1" + }, + { + "name": "30911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30911" + }, + { + "name": "RHSA-2008:0569", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-21.html" + }, + { + "name": "30878", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30878" + }, + { + "name": "DSA-1621", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1621" + }, + { + "name": "20080708 rPSA-2008-0216-1 firefox", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded" + }, + { + "name": "31286", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31286" + }, + { + "name": "FEDORA-2008-6196", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" + }, + { + "name": "MDVSA-2008:136", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2826.json b/2008/2xxx/CVE-2008-2826.json index 0c83752a6b3..fce6bd5daf3 100644 --- a/2008/2xxx/CVE-2008-2826.json +++ b/2008/2xxx/CVE-2008-2826.json 
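Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` at the top of this hunk, the only value change visible among hunks that otherwise alter just spacing and reference order. Anything that uses the assigner for provenance or CNA attribution will treat this record differently after the commit, and the change is easy to miss inside 332 rewritten lines. If the reassignment is intended, it would be clearer in its own commit with the reason in the message; if it is a side effect of the reformatting tool, restore `"ASSIGNER": "cve@mitre.org"`.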
@@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=735ce972fbc8a65fb17788debd7bbe7b4383cc62", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=735ce972fbc8a65fb17788debd7bbe7b4383cc62" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9" - }, - { - "name" : "http://lwn.net/Articles/287350/", - "refsource" : "CONFIRM", - "url" : 
"http://lwn.net/Articles/287350/" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2629", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2629" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7" - }, - { - "name" : "DSA-1630", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1630" - }, - { - "name" : "MDVSA-2008:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" - }, - { - "name" : "MDVSA-2008:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "SUSE-SA:2008:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html" - }, - { - "name" : "SUSE-SA:2008:052", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29990", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29990" - }, - { - "name" : "32370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32370" - }, - { - "name" : "ADV-2008-2511", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2511" - }, - { - "name" : "1020514", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020514" - }, - { - "name" : "30901", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30901" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31202" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "31551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31551" - }, - { - "name" : "linux-kernel-sctpgetsockopt-dos(43559)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large addr_num field in an sctp_getaddrs_old data structure." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207" + }, + { + "name": "DSA-1630", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1630" + }, + { + "name": "29990", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29990" + }, + { + "name": "MDVSA-2008:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" + }, + { + "name": "SUSE-SA:2008:052", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.7" + }, + { + "name": "31551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31551" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=735ce972fbc8a65fb17788debd7bbe7b4383cc62", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=735ce972fbc8a65fb17788debd7bbe7b4383cc62" + }, + { + "name": "30901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30901" + }, + { + "name": "RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "linux-kernel-sctpgetsockopt-dos(43559)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43559" + }, + { + "name": "MDVSA-2008:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" + }, + { + "name": "31107", + "refsource": "SECUNIA", + 
"url": "http://secunia.com/advisories/31107" + }, + { + "name": "SUSE-SA:2008:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9" + }, + { + "name": "http://lwn.net/Articles/287350/", + "refsource": "CONFIRM", + "url": "http://lwn.net/Articles/287350/" + }, + { + "name": "ADV-2008-2511", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2511" + }, + { + "name": "32370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32370" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2629", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2629" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "31202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31202" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "1020514", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020514" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2846.json b/2008/2xxx/CVE-2008-2846.json index a77742bd93c..ae7f8fd51fc 100644 --- a/2008/2xxx/CVE-2008-2846.json +++ b/2008/2xxx/CVE-2008-2846.json 
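Review bot: The new side of the CVE-2008-2826.json hunk reorders every entry of `reference_data` in the same pass that re-indents the file and changes `"key" : value` to `"key": value`, so the diff cannot show at a glance that no reference was dropped or altered. By my count the same 23 entries appear on both sides. A formatting-only pass should keep the original array order, or sort by a fixed key such as `refsource` then `name`, so that later diffs of these records stay reviewable. The new file also ends with `\ No newline at end of file`; write a trailing newline after the closing `}`. The same two points apply to the hunks for CVE-2008-2846, CVE-2008-3565, CVE-2008-6058, CVE-2008-6119, CVE-2008-6510, CVE-2008-6535 and CVE-2008-7155. The value of keeping formatting and content changes apart shows in the CVE-2008-7248 hunk, which continues past the visible part of the page: its `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com`, a content change that is easy to miss here.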
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5858", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5858" - }, - { - "name" : "29801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29801" - }, - { - "name" : "30743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30743" - }, - { - "name" : "boatscripts-index-sql-injection(43182)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "boatscripts-index-sql-injection(43182)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43182" + }, + { + "name": "30743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30743" + }, + { + "name": "29801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29801" + }, + { + "name": "5858", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5858" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3565.json b/2008/3xxx/CVE-2008-3565.json index 61434b142ee..910042a0231 100644 --- a/2008/3xxx/CVE-2008-3565.json +++ b/2008/3xxx/CVE-2008-3565.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30531/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30531/exploit" - }, - { - "name" : "30531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30531" - }, - { - "name" : "31355", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31355" - }, - { - "name" : "mrbs-area-xss(44188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/30531/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30531/exploit" + }, + { + "name": "mrbs-area-xss(44188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188" + }, + { + "name": "30531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30531" + }, + { + "name": "31355", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31355" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6058.json b/2008/6xxx/CVE-2008-6058.json index 6855cf18b24..59b56ce6b5a 100644 --- a/2008/6xxx/CVE-2008-6058.json +++ b/2008/6xxx/CVE-2008-6058.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Syslserve 1.058 and earlier, and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner", - "refsource" : "MISC", - "url" : "http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner" - }, - { - "name" : "http://www.syslserve.com/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.syslserve.com/changelog.html" - }, - { - "name" : "33311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33311" - }, - { - "name" : "33566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Syslserve 1.058 and earlier, 
and probably 1.059, allows remote attackers to cause a denial of service (hang) via a crafted UDP Syslog packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner", + "refsource": "MISC", + "url": "http://www.princeofnigeria.org/blogs/index.php/2009/01/15/syslserve-1-058-denial-of-service-vulner" + }, + { + "name": "http://www.syslserve.com/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.syslserve.com/changelog.html" + }, + { + "name": "33566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33566" + }, + { + "name": "33311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33311" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6119.json b/2008/6xxx/CVE-2008-6119.json index 5716fe5e34c..8393cc1c35d 100644 --- a/2008/6xxx/CVE-2008-6119.json +++ b/2008/6xxx/CVE-2008-6119.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "33848", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33848" - }, - { - "name" : "32819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32819" - }, - { - "name" : "gooplecms-editpass-code-execution(46800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Static code injection vulnerability in 
gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32819" + }, + { + "name": "gooplecms-editpass-code-execution(46800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46800" + }, + { + "name": "33848", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33848" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6510.json b/2008/6xxx/CVE-2008-6510.json index 5819106178d..9b71e49fa9f 100644 --- a/2008/6xxx/CVE-2008-6510.json +++ b/2008/6xxx/CVE-2008-6510.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498162/100/0/threaded" - }, - { - "name" : "7075", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7075" - }, - { - "name" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt", - "refsource" : "MISC", - "url" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt" - }, - { - "name" : "http://www.igniterealtime.org/issues/browse/JM-629", - "refsource" : "CONFIRM", - "url" : "http://www.igniterealtime.org/issues/browse/JM-629" - }, - { - "name" : "32189", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/32189" - }, - { - "name" : "ADV-2008-3061", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3061" - }, - { - "name" : "openfire-url-xss(46486)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7075", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7075" + }, + { + "name": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt", + "refsource": "MISC", + "url": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt" + }, + { + "name": "http://www.igniterealtime.org/issues/browse/JM-629", + "refsource": "CONFIRM", + "url": "http://www.igniterealtime.org/issues/browse/JM-629" + }, + { + "name": "openfire-url-xss(46486)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46486" + }, + { + "name": "32189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32189" + }, + { + "name": "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498162/100/0/threaded" + }, + { + "name": "ADV-2008-3061", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3061" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6535.json b/2008/6xxx/CVE-2008-6535.json
index f6805067c89..157d968eed6 100644
--- a/2008/6xxx/CVE-2008-6535.json
+++ b/2008/6xxx/CVE-2008-6535.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6535", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the administrative password via a direct request with a modified NewAdmin parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6535", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7367", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7367" - }, - { - "name" : "50682", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50682" - }, - { - "name" : "33036", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33036" - }, - { - "name" : "paypalestores-settings-security-bypass(47203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/settings.php in PayPal eStores allows remote attackers to bypass intended access restrictions and change the 
administrative password via a direct request with a modified NewAdmin parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33036", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33036" + }, + { + "name": "7367", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7367" + }, + { + "name": "paypalestores-settings-security-bypass(47203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47203" + }, + { + "name": "50682", + "refsource": "OSVDB", + "url": "http://osvdb.org/50682" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7155.json b/2008/7xxx/CVE-2008-7155.json index 96a4c540e7d..49deeffef82 100644 --- a/2008/7xxx/CVE-2008-7155.json +++ b/2008/7xxx/CVE-2008-7155.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of arbitrary users via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/27150.pl", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/27150.pl" - }, - { - "name" : "27150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27150" - }, - { - "name" : "netrisk-changesubmit-information-disclosure(39465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetRisk 1.9.7 does not properly restrict access to admin/change_submit.php, which allows remote attackers to change the password of 
arbitrary users via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27150" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/27150.pl", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/27150.pl" + }, + { + "name": "netrisk-changesubmit-information-disclosure(39465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39465" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7248.json b/2008/7xxx/CVE-2008-7248.json index 19688776f67..c96d6cfafcd 100644 --- a/2008/7xxx/CVE-2008-7248.json +++ b/2008/7xxx/CVE-2008-7248.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-7248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20091128 CVE request: Ruby on Rails: CSRF circumvention (from 2008)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/11/28/1" - }, - { - "name" : "[oss-security] 20091202 Re: CVE request: Ruby on Rails: CSRF circumvention (from 2008)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/12/02/2" - }, - { - "name" : "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", - "refsource" : "MISC", - "url" : 
"http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" - }, - { - "name" : "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", - "refsource" : "MISC", - "url" : "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" - }, - { - "name" : "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", - "refsource" : "MISC", - "url" : "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" - }, - { - "name" : "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", - "refsource" : "CONFIRM", - "url" : "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" - }, - { - "name" : "SUSE-SR:2010:006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" - }, - { - "name" : "36600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36600" - }, - { - "name" : "38915", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38915" - }, - { - "name" : "ADV-2009-2544", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20091128 CVE request: Ruby on Rails: CSRF circumvention (from 2008)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/11/28/1" + }, + { + "name": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", + "refsource": "MISC", + "url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" + }, + { + "name": "36600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36600" + }, + { + "name": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", + "refsource": "MISC", + "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" + }, + { + "name": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", + "refsource": "CONFIRM", + "url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" + }, + { + "name": "ADV-2009-2544", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2544" + }, + { + "name": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", + "refsource": "MISC", + "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" + }, + { + "name": "SUSE-SR:2010:006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" + }, + { + "name": "[oss-security] 20091202 Re: CVE request: Ruby on Rails: CSRF circumvention (from 2008)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/12/02/2" + }, + { + "name": "38915", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38915" + } + ] + } +} \ No newline at 
end of file diff --git a/2012/5xxx/CVE-2012-5107.json b/2012/5xxx/CVE-2012-5107.json index 9ff96945aa2..8d93dd2c617 100644 --- a/2012/5xxx/CVE-2012-5107.json +++ b/2012/5xxx/CVE-2012-5107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5798.json b/2012/5xxx/CVE-2012-5798.json index d6a1b47c7c8..b57569f4d25 100644 --- a/2012/5xxx/CVE-2012-5798.json +++ b/2012/5xxx/CVE-2012-5798.json 
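Review bot: The `ASSIGNER` value in the CVE-2008-7248 hunk changes from `cve@mitre.org` to `secalert@redhat.com`, the only field-value change in a hunk that otherwise just re-spaces keys and reorders `reference_data`. It changes which CNA the record is attributed to, so it should not ride along unannounced in a formatting pass. Put it in its own commit, or name it in the commit message, so anyone auditing record provenance can find it. The hunk also ends with `\ No newline at end of file`, as do the other hunks visible here; keeping the trailing newline would avoid that extra churn on the next sync.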
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PayPal Pro PayFlow EC module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5839.json b/2012/5xxx/CVE-2012-5839.json index f8b11d38213..d5ad9be2d27 100644 --- a/2012/5xxx/CVE-2012-5839.json +++ b/2012/5xxx/CVE-2012-5839.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=804927", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=804927" - }, - { - "name" : "http://www.palemoon.org/releasenotes-ng.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.palemoon.org/releasenotes-ng.shtml" - }, - { - "name" : "MDVSA-2012:173", - "refsource" : "MANDRIVA", - "url" : 
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56637" - }, - { - "name" : "87607", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87607" - }, - { - "name" : "oval:org.mitre.oval:def:16968", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16968" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : 
"51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-gfxshapedword-bo(80196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "oval:org.mitre.oval:def:16968", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16968" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "firefox-gfxshapedword-bo(80196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80196" + }, + { + "name": "http://www.palemoon.org/releasenotes-ng.shtml", + "refsource": "CONFIRM", + "url": "http://www.palemoon.org/releasenotes-ng.shtml" + }, + { + "name": "RHSA-2012:1482", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "87607", + "refsource": 
"OSVDB", + "url": "http://osvdb.org/87607" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "MDVSA-2012:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=804927", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=804927" + }, + { + "name": "56637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56637" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11040.json b/2017/11xxx/CVE-2017-11040.json index 4c49175f309..31ba9895825 100644 --- a/2017/11xxx/CVE-2017-11040.json +++ b/2017/11xxx/CVE-2017-11040.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-11040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-11040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, when reading from sysfs nodes, one can read more information than it is allowed to." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11276.json b/2017/11xxx/CVE-2017-11276.json index 4b0b7670490..e0e0796801a 100644 --- a/2017/11xxx/CVE-2017-11276.json +++ b/2017/11xxx/CVE-2017-11276.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Digital Editions", - "version" : { - "version_data" : [ - { - "version_value" : "4.5.4 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Digital Editions", + "version": { + "version_data": [ + { + "version_value": "4.5.4 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html" - }, - { - "name" : "100244", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100244" - }, - { - "name" : "1039100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039100" + }, + { + "name": "100244", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100244" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-27.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11388.json b/2017/11xxx/CVE-2017-11388.json index d9d749135fd..b2382e34389 100644 --- a/2017/11xxx/CVE-2017-11388.json +++ b/2017/11xxx/CVE-2017-11388.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-11388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-11388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-498", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-498" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-499", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-499" - }, - { - "name" : "https://success.trendmicro.com/solution/1117722", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/solution/1117722" - }, - { - "name" : "100078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100078" - }, - { - "name" : "1039049", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1039049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when RestfulServiceUtility.NET.dll doesn't properly validate user provided strings before constructing SQL queries. Formerly ZDI-CAN-4639 and ZDI-CAN-4638." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100078" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-499", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-499" + }, + { + "name": "1039049", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039049" + }, + { + "name": "https://success.trendmicro.com/solution/1117722", + "refsource": "MISC", + "url": "https://success.trendmicro.com/solution/1117722" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-498", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-498" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11491.json b/2017/11xxx/CVE-2017-11491.json index d52f948bb7b..13e86c90878 100644 --- a/2017/11xxx/CVE-2017-11491.json +++ b/2017/11xxx/CVE-2017-11491.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11491", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11491", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14679.json b/2017/14xxx/CVE-2017-14679.json index 4b47e28373a..afb60f1ba29 100644 --- a/2017/14xxx/CVE-2017-14679.json +++ b/2017/14xxx/CVE-2017-14679.json 
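Review bot: The new side of the CVE-2017-11491 hunk serializes keys in a different order from every other record in this change. It puts `"data_type"`, `"data_format"`, `"data_version"` ahead of `"CVE_data_meta"`, and `"ID"` ahead of `"ASSIGNER"`, whereas the other files keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"` in sorted order. The CVE-2017-14679 hunk that follows has the same layout. Key order carries no meaning in JSON, but two layouts in one repository suggest two different writers, which makes text diffs and any byte-level comparison of records noisy. Emitting these two records with sorted keys, as the other files do (`"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-11491", "STATE": "REJECT" }` first), would keep later syncs to real content changes.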
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14679", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14994.json b/2017/14xxx/CVE-2017-14994.json index ba790a07445..8c10745c946 100644 --- a/2017/14xxx/CVE-2017-14994.json +++ b/2017/14xxx/CVE-2017-14994.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "https://nandynarwhals.org/CVE-2017-14994/", - "refsource" : "MISC", - "url" : "https://nandynarwhals.org/CVE-2017-14994/" - }, - { - "name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264", - "refsource" : "CONFIRM", - "url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264" - }, - { - "name" : "https://sourceforge.net/p/graphicsmagick/bugs/512/", - "refsource" : "CONFIRM", - "url" : 
"https://sourceforge.net/p/graphicsmagick/bugs/512/" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "101182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101182" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/graphicsmagick/bugs/512/", + "refsource": "CONFIRM", + "url": "https://sourceforge.net/p/graphicsmagick/bugs/512/" + }, + { + "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264", + "refsource": "CONFIRM", + "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264" + }, + { + "name": "101182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101182" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "https://nandynarwhals.org/CVE-2017-14994/", + "refsource": "MISC", + "url": "https://nandynarwhals.org/CVE-2017-14994/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15719.json b/2017/15xxx/CVE-2017-15719.json index a0da8631a4a..8f1ee0ed264 100644 
--- a/2017/15xxx/CVE-2017-15719.json +++ b/2017/15xxx/CVE-2017-15719.json 
@@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-02-25T00:00:00", - "ID" : "CVE-2017-15719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Wicket jQuery UI", - "version" : { - "version_data" : [ - { - "version_value" : "<= 6.28.0" - }, - { - "version_value" : "<= 7.9.1" - }, - { - "version_value" : "<= 8.0.0-M8" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-02-25T00:00:00", + "ID": "CVE-2017-15719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Wicket jQuery UI", + "version": { + "version_data": [ + { + "version_value": "<= 6.28.0" + }, + { + "version_value": "<= 7.9.1" + }, + { + "version_value": "<= 8.0.0-M8" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e", - "refsource" : "CONFIRM", - "url" : "http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e" - }, - { - "name" : "https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor", + "refsource": "CONFIRM", + "url": "https://github.com/sebfz1/wicket-jquery-ui/wiki#cve-2017-15719---xss-in-wysiwyg-editor" + }, + { + "name": "http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e", + "refsource": "CONFIRM", + "url": "http://openmeetings.apache.org/security.html#_toc_cve-2017-15719_-_wicket_jquery_ui_xss_in_wysiwyg_e" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3307.json b/2017/3xxx/CVE-2017-3307.json index 7f98b9d03f6..5b0dc80b836 100644 --- a/2017/3xxx/CVE-2017-3307.json +++ b/2017/3xxx/CVE-2017-3307.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Enterprise Monitor", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "3.1.6.8003 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "3.2.1182 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "3.3.2.1162 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Enterprise Monitor", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "3.1.6.8003 and earlier" + }, + { + "version_affected": "=", + "version_value": "3.2.1182 and earlier" + }, + { + "version_affected": "=", + "version_value": "3.3.2.1162 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97844" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier, 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97844" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8442.json b/2017/8xxx/CVE-2017-8442.json index a85ad5343d3..a4172e67795 100644 --- a/2017/8xxx/CVE-2017-8442.json +++ b/2017/8xxx/CVE-2017-8442.json 
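Review bot: In the CVE-2017-3307.json hunk the new side still pairs `"version_affected": "="` with range text such as `"version_value": "3.1.6.8003 and earlier"`. A consumer that honours the operator would presumably match only that literal string and miss the earlier releases the description lists as affected. Since the commit rewrites every line of the record anyway, the three entries could carry the range in the operator, e.g. `"version_affected": "<=", "version_value": "3.1.6.8003"`, and likewise for 3.2.1182 and 3.3.2.1162. The reordering of `reference_data` in the same hunk looks harmless, as the entries themselves are unchanged.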
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8442", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elasticsearch X-Pack Security", - "version" : { - "version_data" : [ - { - "version_value" : "5.0.0 to 5.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elasticsearch X-Pack Security", + "version": { + "version_data": [ + { + "version_value": "5.0.0 to 5.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API 
leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8597.json b/2017/8xxx/CVE-2017-8597.json index 06ce27d4ec5..70dce7b1a1c 100644 --- a/2017/8xxx/CVE-2017-8597.json +++ b/2017/8xxx/CVE-2017-8597.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Version 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Version 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597" - }, - { - "name" : "100745", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100745" - }, - { - "name" : "1039326", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1039326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100745", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100745" + }, + { + "name": "1039326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039326" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8597" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8632.json b/2017/8xxx/CVE-2017-8632.json index f9dec5d8d34..db22d7fbe0b 100644 --- a/2017/8xxx/CVE-2017-8632.json +++ b/2017/8xxx/CVE-2017-8632.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8632", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632" - }, - { - "name" : "100734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100734" - }, - { - "name" : "1039315", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039315" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". 
This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8632" + }, + { + "name": "100734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100734" + }, + { + "name": "1039315", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039315" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8909.json b/2017/8xxx/CVE-2017-8909.json index 2ee359f701a..01d1e006dab 100644 --- a/2017/8xxx/CVE-2017-8909.json +++ b/2017/8xxx/CVE-2017-8909.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
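Review bot: In the CVE-2017-8632.json hunk, the single `version_value` under `"product_name": "Microsoft Office"` is one free-text string naming eight products, and it reads `Microsoft Excel 2013 RT Service Pack 1 Microsoft Excel 2016` with no comma, while the description in the same record separates the two. Anyone matching an asset inventory against this field has to parse prose, and the dropped comma makes two products look like one. I would split the string into one `version_data` entry per product, for example `{ "version_value": "Microsoft Excel 2013 RT Service Pack 1" }` followed by `{ "version_value": "Microsoft Excel 2016" }`, and leave the description as it is.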
diff --git a/2017/8xxx/CVE-2017-8928.json b/2017/8xxx/CVE-2017-8928.json index 40d46b7839b..33e50f1e8cd 100644 --- a/2017/8xxx/CVE-2017-8928.json +++ b/2017/8xxx/CVE-2017-8928.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mailcow 0.14, as used in \"mailcow: dockerized\" and other products, has CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42004", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42004/" - }, - { - "name" : "https://github.com/mailcow/mailcow-dockerized/pull/268/commits/3c937f75ba5853ada175542d5c4849fb95eb64cd", - "refsource" : "CONFIRM", - "url" : "https://github.com/mailcow/mailcow-dockerized/pull/268/commits/3c937f75ba5853ada175542d5c4849fb95eb64cd" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mailcow 0.14, as used in \"mailcow: dockerized\" and other products, has CSRF." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42004", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42004/" + }, + { + "name": "https://github.com/mailcow/mailcow-dockerized/pull/268/commits/3c937f75ba5853ada175542d5c4849fb95eb64cd", + "refsource": "CONFIRM", + "url": "https://github.com/mailcow/mailcow-dockerized/pull/268/commits/3c937f75ba5853ada175542d5c4849fb95eb64cd" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12148.json b/2018/12xxx/CVE-2018-12148.json index 9962e983229..7fba10bb17e 100644 --- a/2018/12xxx/CVE-2018-12148.json +++ b/2018/12xxx/CVE-2018-12148.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-09-11T00:00:00", - "ID" : "CVE-2018-12148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Driver & Support Assistant", - "version" : { - "version_data" : [ - { - "version_value" : "Versions before 3.5.0.1." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-09-11T00:00:00", + "ID": "CVE-2018-12148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Driver & Support Assistant", + "version": { + "version_data": [ + { + "version_value": "Versions before 3.5.0.1." 
+ } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12657.json b/2018/12xxx/CVE-2018-12657.json index ab2a211d6c6..9df37395fa7 100644 --- a/2018/12xxx/CVE-2018-12657.json +++ b/2018/12xxx/CVE-2018-12657.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/slims/slims8_akasia/issues/101", - "refsource" : "MISC", - "url" : "https://github.com/slims/slims8_akasia/issues/101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/slims/slims8_akasia/issues/101", + "refsource": "MISC", + "url": "https://github.com/slims/slims8_akasia/issues/101" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13320.json b/2018/13xxx/CVE-2018-13320.json index a7e71100bdc..2857a1f07da 100644 --- a/2018/13xxx/CVE-2018-13320.json +++ b/2018/13xxx/CVE-2018-13320.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13320",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13320",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
- "refsource" : "MISC",
- "url" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
+ "refsource": "MISC",
+ "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13755.json b/2018/13xxx/CVE-2018-13755.json
index 9d1d78a8053..b41f48ef170 100644
--- a/2018/13xxx/CVE-2018-13755.json
+++ b/2018/13xxx/CVE-2018-13755.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13755",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13755",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OTAKUToken",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OTAKUToken"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for OTAKUToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OTAKUToken",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OTAKUToken"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13762.json b/2018/13xxx/CVE-2018-13762.json
index 2a9b7d61a23..c2e68f9c90c 100644
--- a/2018/13xxx/CVE-2018-13762.json
+++ b/2018/13xxx/CVE-2018-13762.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13762",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13762",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Yumerium",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Yumerium"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for Yumerium, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Yumerium",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Yumerium"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16542.json b/2018/16xxx/CVE-2018-16542.json
index f67da9cce42..fb6c8e8f01c 100644
--- a/2018/16xxx/CVE-2018-16542.json
+++ b/2018/16xxx/CVE-2018-16542.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16542",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16542",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
- },
- {
- "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8",
- "refsource" : "MISC",
- "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8"
- },
- {
- "name" : "http://seclists.org/oss-sec/2018/q3/182",
- "refsource" : "MISC",
- "url" : "http://seclists.org/oss-sec/2018/q3/182"
- },
- {
- "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699668",
- "refsource" : "MISC",
- "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699668"
- },
- {
- "name" : "DSA-4288",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4288"
- },
- {
- "name" : "GLSA-201811-12",
- "refsource" : "GENTOO",
- "url" : "https://security.gentoo.org/glsa/201811-12"
- },
- {
- "name" : "RHSA-2018:2918",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2918"
- },
- {
- "name" : "USN-3768-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3768-1/"
- },
- {
- "name" : "105337",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105337"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2018:2918",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2918"
+ },
+ {
+ "name": "GLSA-201811-12",
+ "refsource": "GENTOO",
+ "url": "https://security.gentoo.org/glsa/201811-12"
+ },
+ {
+ "name": "USN-3768-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3768-1/"
+ },
+ {
+ "name": "105337",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105337"
+ },
+ {
+ "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699668",
+ "refsource": "MISC",
+ "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699668"
+ },
+ {
+ "name": "DSA-4288",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4288"
+ },
+ {
+ "name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
+ },
+ {
+ "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8",
+ "refsource": "MISC",
+ "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b575e1ec42cc86f6a58c603f2a88fcc2af699cc8"
+ },
+ {
+ "name": "http://seclists.org/oss-sec/2018/q3/182",
+ "refsource": "MISC",
+ "url": "http://seclists.org/oss-sec/2018/q3/182"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16566.json b/2018/16xxx/CVE-2018-16566.json
index f18c4d50ee9..201db825d8f 100644
--- a/2018/16xxx/CVE-2018-16566.json
+++ b/2018/16xxx/CVE-2018-16566.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16566",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16566",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16691.json b/2018/16xxx/CVE-2018-16691.json
index fe02964e814..91cdfde49ce 100644
--- a/2018/16xxx/CVE-2018-16691.json
+++ b/2018/16xxx/CVE-2018-16691.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16691",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16691",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17011.json b/2018/17xxx/CVE-2018-17011.json
index b8c3ca93961..913d744e2a5 100644
--- a/2018/17xxx/CVE-2018-17011.json
+++ b/2018/17xxx/CVE-2018-17011.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17011",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17011",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_07/README.md",
- "refsource" : "MISC",
- "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_07/README.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for hosts_info para sun."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_07/README.md",
+ "refsource": "MISC",
+ "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_07/README.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17472.json b/2018/17xxx/CVE-2018-17472.json
index 3413128f2f0..c47a58b5a05 100644
--- a/2018/17xxx/CVE-2018-17472.json
+++ b/2018/17xxx/CVE-2018-17472.json
@@ -1,78 +1,78 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "chrome-cve-admin@google.com",
- "ID" : "CVE-2018-17472",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Chrome",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : " 70.0.3538.67"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Google"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the