From 9e4f1403e05b5bc61cfaefb289eaa513428c0bde Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:31:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2003/1xxx/CVE-2003-1045.json | 160 +++++------
2003/1xxx/CVE-2003-1052.json | 140 +++++-----
2003/1xxx/CVE-2003-1378.json | 150 +++++------
2003/1xxx/CVE-2003-1445.json | 150 +++++------
2004/0xxx/CVE-2004-0044.json | 150 +++++------
2004/0xxx/CVE-2004-0077.json | 470 ++++++++++++++++-----------------
2004/0xxx/CVE-2004-0113.json | 270 +++++++++----------
2004/0xxx/CVE-2004-0347.json | 170 ++++++------
2004/0xxx/CVE-2004-0366.json | 150 +++++------
2004/0xxx/CVE-2004-0477.json | 150 +++++------
2004/0xxx/CVE-2004-0728.json | 130 ++++-----
2004/1xxx/CVE-2004-1012.json | 210 +++++++--------
2004/1xxx/CVE-2004-1077.json | 140 +++++-----
2004/1xxx/CVE-2004-1135.json | 150 +++++------
2004/1xxx/CVE-2004-1274.json | 130 ++++-----
2004/1xxx/CVE-2004-1306.json | 150 +++++------
2004/1xxx/CVE-2004-1492.json | 150 +++++------
2004/1xxx/CVE-2004-1817.json | 150 +++++------
2004/1xxx/CVE-2004-1875.json | 290 ++++++++++----------
2004/2xxx/CVE-2004-2114.json | 140 +++++-----
2004/2xxx/CVE-2004-2121.json | 150 +++++------
2004/2xxx/CVE-2004-2144.json | 140 +++++-----
2004/2xxx/CVE-2004-2330.json | 150 +++++------
2004/2xxx/CVE-2004-2343.json | 150 +++++------
2004/2xxx/CVE-2004-2405.json | 140 +++++-----
2008/2xxx/CVE-2008-2072.json | 170 ++++++------
2008/2xxx/CVE-2008-2107.json | 430 +++++++++++++++---------------
2008/2xxx/CVE-2008-2504.json | 150 +++++------
2008/2xxx/CVE-2008-2671.json | 170 ++++++------
2008/2xxx/CVE-2008-2715.json | 210 +++++++--------
2008/2xxx/CVE-2008-2792.json | 150 +++++------
2008/2xxx/CVE-2008-2921.json | 160 +++++------
2008/6xxx/CVE-2008-6095.json | 160 +++++------
2008/6xxx/CVE-2008-6188.json | 160 +++++------
2008/6xxx/CVE-2008-6240.json | 160 +++++------
2008/6xxx/CVE-2008-6317.json | 140 +++++-----
2008/6xxx/CVE-2008-6500.json | 140 +++++-----
2008/6xxx/CVE-2008-6623.json | 160 +++++------
2008/6xxx/CVE-2008-6816.json | 180 ++++++-------
2008/6xxx/CVE-2008-6952.json | 170 ++++++------
2008/7xxx/CVE-2008-7108.json | 140 +++++-----
2008/7xxx/CVE-2008-7249.json | 140 +++++-----
2012/1xxx/CVE-2012-1978.json | 160 +++++------
2012/5xxx/CVE-2012-5239.json | 34 +--
2012/5xxx/CVE-2012-5449.json | 34 +--
2012/5xxx/CVE-2012-5552.json | 160 +++++------
2012/5xxx/CVE-2012-5575.json | 260 +++++++++---------
2012/5xxx/CVE-2012-5638.json | 130 ++++-----
2012/5xxx/CVE-2012-5926.json | 34 +--
2012/5xxx/CVE-2012-5997.json | 34 +--
2017/11xxx/CVE-2017-11104.json | 160 +++++------
2017/11xxx/CVE-2017-11317.json | 140 +++++-----
2017/11xxx/CVE-2017-11453.json | 34 +--
2017/11xxx/CVE-2017-11475.json | 120 ++++-----
2017/11xxx/CVE-2017-11657.json | 120 ++++-----
2017/11xxx/CVE-2017-11705.json | 130 ++++-----
2017/11xxx/CVE-2017-11735.json | 34 +--
2017/15xxx/CVE-2017-15241.json | 120 ++++-----
2017/15xxx/CVE-2017-15300.json | 130 ++++-----
2017/15xxx/CVE-2017-15593.json | 180 ++++++-------
2017/15xxx/CVE-2017-15653.json | 130 ++++-----
2017/15xxx/CVE-2017-15769.json | 120 ++++-----
2017/15xxx/CVE-2017-15962.json | 130 ++++-----
2017/3xxx/CVE-2017-3009.json | 130 ++++-----
2017/3xxx/CVE-2017-3037.json | 140 +++++-----
2017/3xxx/CVE-2017-3262.json | 170 ++++++------
2017/3xxx/CVE-2017-3317.json | 242 ++++++++---------
2017/3xxx/CVE-2017-3347.json | 180 ++++++-------
2017/8xxx/CVE-2017-8153.json | 122 ++++-----
2017/8xxx/CVE-2017-8278.json | 130 ++++-----
2017/8xxx/CVE-2017-8477.json | 150 +++++------
2017/8xxx/CVE-2017-8513.json | 130 ++++-----
2017/8xxx/CVE-2017-8810.json | 140 +++++-----
2017/8xxx/CVE-2017-8977.json | 132 ++++-----
2017/8xxx/CVE-2017-8985.json | 122 ++++-----
2018/12xxx/CVE-2018-12008.json | 34 +--
2018/12xxx/CVE-2018-12067.json | 120 ++++-----
2018/12xxx/CVE-2018-12107.json | 34 +--
2018/12xxx/CVE-2018-12152.json | 132 ++++-----
2018/12xxx/CVE-2018-12425.json | 34 +--
2018/12xxx/CVE-2018-12617.json | 170 ++++++------
2018/12xxx/CVE-2018-12678.json | 130 ++++-----
2018/13xxx/CVE-2018-13120.json | 34 +--
2018/13xxx/CVE-2018-13212.json | 130 ++++-----
2018/13xxx/CVE-2018-13328.json | 120 ++++-----
2018/13xxx/CVE-2018-13470.json | 130 ++++-----
2018/13xxx/CVE-2018-13509.json | 130 ++++-----
2018/13xxx/CVE-2018-13691.json | 130 ++++-----
2018/13xxx/CVE-2018-13841.json | 34 +--
2018/16xxx/CVE-2018-16033.json | 130 ++++-----
2018/16xxx/CVE-2018-16035.json | 130 ++++-----
2018/16xxx/CVE-2018-16429.json | 150 +++++------
2018/16xxx/CVE-2018-16483.json | 120 ++++-----
2018/16xxx/CVE-2018-16884.json | 170 ++++++------
2018/17xxx/CVE-2018-17204.json | 160 +++++------
2018/17xxx/CVE-2018-17317.json | 130 ++++-----
2018/17xxx/CVE-2018-17351.json | 34 +--
2018/17xxx/CVE-2018-17575.json | 120 ++++-----
2018/17xxx/CVE-2018-17630.json | 130 ++++-----
2018/17xxx/CVE-2018-17699.json | 130 ++++-----
100 files changed, 7134 insertions(+), 7134 deletions(-)
diff --git a/2003/1xxx/CVE-2003-1045.json b/2003/1xxx/CVE-2003-1045.json
index ef59af7a8a5..4c005b57a27 100644
--- a/2003/1xxx/CVE-2003-1045.json
+++ b/2003/1xxx/CVE-2003-1045.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343185" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376" - }, - { - "name" : "CLA-2003:774", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" - }, - { - "name" : "8953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8953" - }, - { - "name" : "bugzilla-obtain-information(13600)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343185" + }, + { + "name": "CLA-2003:774", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774" + }, + { + "name": "bugzilla-obtain-information(13600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600" + }, + { + "name": "8953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8953" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=209376", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=209376" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1052.json b/2003/1xxx/CVE-2003-1052.json index c7dea05209d..67f0d898497 100644 --- a/2003/1xxx/CVE-2003-1052.json +++ b/2003/1xxx/CVE-2003-1052.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/331904" - }, - { - "name" : "8346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8346" - }, - { - "name" : "ibm-db2-gain-privileges(12826)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-db2-gain-privileges(12826)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826" + }, + { + "name": "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/331904" + }, + { + "name": "8346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8346" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1378.json b/2003/1xxx/CVE-2003-1378.json index ccde15f92bb..a6d57f55a94 100644 --- a/2003/1xxx/CVE-2003-1378.json +++ b/2003/1xxx/CVE-2003-1378.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1378", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030223 O UT LO OK E XPRE SS 6 .00 : broken", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/312910" - }, - { - "name" : "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/312929" - }, - { - "name" : "outlook-codebase-execute-programs(11411)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411" - }, - { - "name" : "6923", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6923" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/312910" + }, + { + "name": "outlook-codebase-execute-programs(11411)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411" + }, + { + "name": "6923", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6923" + }, + { + "name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/312929" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1445.json b/2003/1xxx/CVE-2003-1445.json index b4dc7ef4e2a..df5c201a819 100644 --- a/2003/1xxx/CVE-2003-1445.json +++ b/2003/1xxx/CVE-2003-1445.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030211 SECURITY.NNOV: Far buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311334" - }, - { - "name" : "6822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6822" - }, - { - "name" : "3281", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3281" - }, - { - "name" : "far-long-path-bo(11293)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause 
a denial of service (crash) and possibly execute arbitrary code via a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "far-long-path-bo(11293)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293" + }, + { + "name": "3281", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3281" + }, + { + "name": "6822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6822" + }, + { + "name": "20030211 SECURITY.NNOV: Far buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311334" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0044.json b/2004/0xxx/CVE-2004-0044.json index 700e6f6635e..f1eb990fd90 100644 --- a/2004/0xxx/CVE-2004-0044.json +++ b/2004/0xxx/CVE-2004-0044.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040108 Cisco Personal Assistant User Password Bypass Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml" - }, - { - "name" : "9384", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9384" - }, - { - "name" : "ciscopersonalassistant-config-file-access(14172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14172" - }, - { - "name" : "3430", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ciscopersonalassistant-config-file-access(14172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14172" + }, + { + "name": "20040108 Cisco Personal Assistant User Password Bypass Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml" + }, + { + "name": "3430", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3430" + }, + { + "name": "9384", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9384" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0077.json b/2004/0xxx/CVE-2004-0077.json index 58a857dcbee..624929770ec 100644 --- a/2004/0xxx/CVE-2004-0077.json +++ b/2004/0xxx/CVE-2004-0077.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040218 Second critical mremap() bug found in all Linux kernels", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107711762014175&w=2" - }, - { - "name" : "20040218 Second critical mremap() bug found in all Linux kernels", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html" - }, - { - "name" : "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt", - "refsource" : "MISC", - "url" : "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt" - }, - { - "name" : "CLA-2004:820", - "refsource" : "CONECTIVA", - 
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820" - }, - { - "name" : "DSA-438", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-438" - }, - { - "name" : "DSA-439", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-439" - }, - { - "name" : "DSA-440", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-440" - }, - { - "name" : "DSA-441", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-441" - }, - { - "name" : "DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "DSA-444", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-444" - }, - { - "name" : "DSA-450", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-450" - }, - { - "name" : "DSA-453", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-453" - }, - { - "name" : "DSA-454", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-454" - }, - { - "name" : "DSA-456", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-456" - }, - { - "name" : "DSA-466", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-466" - }, - { - "name" : "DSA-470", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-470" - }, - { - "name" : "DSA-514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-514" - }, - { - "name" : "DSA-475", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-475" - }, - { - "name" : "FEDORA-2004-079", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2004-079.shtml" - }, - { - "name" : "MDKSA-2004:015", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015" - }, - { - "name" : "RHSA-2004:065", - "refsource" : "REDHAT", - 
"url" : "http://www.redhat.com/support/errata/RHSA-2004-065.html" - }, - { - "name" : "RHSA-2004:066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-066.html" - }, - { - "name" : "RHSA-2004:069", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-069.html" - }, - { - "name" : "RHSA-2004:106", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-106.html" - }, - { - "name" : "SSA:2004-049", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734" - }, - { - "name" : "SuSE-SA:2004:005", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html" - }, - { - "name" : "2004-0007", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=107712137732553&w=2" - }, - { - "name" : "2004-0008", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=107755871932680&w=2" - }, - { - "name" : "GLSA-200403-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-02.xml" - }, - { - "name" : "VU#981222", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/981222" - }, - { - "name" : "O-082", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-082.shtml" - }, - { - "name" : "9686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9686" - }, - { - "name" : "3986", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3986" - }, - { - "name" : "oval:org.mitre.oval:def:825", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825" - }, - { - "name" : "oval:org.mitre.oval:def:837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837" - }, - { - "name" : "linux-mremap-gain-privileges(15244)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15244" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2004-049", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734" + }, + { + "name": "DSA-450", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-450" + }, + { + "name": "DSA-440", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-440" + }, + { + "name": "RHSA-2004:069", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-069.html" + }, + { + "name": "O-082", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-082.shtml" + }, + { + "name": "FEDORA-2004-079", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2004-079.shtml" + }, + { + "name": "DSA-439", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-439" + }, + { + "name": "DSA-475", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-475" + }, + { + "name": "CLA-2004:820", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820" + }, + { + "name": "RHSA-2004:106", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2004-106.html" + }, + { + "name": "SuSE-SA:2004:005", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + }, + { + "name": "RHSA-2004:065", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-065.html" + }, + { + "name": "DSA-470", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-470" + }, + { + "name": "MDKSA-2004:015", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015" + }, + { + "name": "9686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9686" + }, + { + "name": "DSA-438", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-438" + }, + { + "name": "DSA-514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-514" + }, + { + "name": "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt", + "refsource": "MISC", + "url": "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt" + }, + { + "name": "DSA-456", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-456" + }, + { + "name": "oval:org.mitre.oval:def:837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837" + }, + { + "name": "GLSA-200403-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-02.xml" + }, + { + "name": "DSA-441", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-441" + }, + { + "name": "20040218 Second critical mremap() bug found in all Linux kernels", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html" + }, + { + "name": "DSA-454", + "refsource": "DEBIAN", + "url": 
"http://www.debian.org/security/2004/dsa-454" + }, + { + "name": "linux-mremap-gain-privileges(15244)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15244" + }, + { + "name": "20040218 Second critical mremap() bug found in all Linux kernels", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107711762014175&w=2" + }, + { + "name": "DSA-444", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-444" + }, + { + "name": "RHSA-2004:066", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-066.html" + }, + { + "name": "2004-0008", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=107755871932680&w=2" + }, + { + "name": "oval:org.mitre.oval:def:825", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825" + }, + { + "name": "DSA-453", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-453" + }, + { + "name": "3986", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3986" + }, + { + "name": "VU#981222", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/981222" + }, + { + "name": "DSA-466", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-466" + }, + { + "name": "2004-0007", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=107712137732553&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0113.json b/2004/0xxx/CVE-2004-0113.json index b7924afb0ce..2478997aee1 100644 --- a/2004/0xxx/CVE-2004-0113.json +++ b/2004/0xxx/CVE-2004-0113.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106", - "refsource" : "MISC", - "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106" - }, - { - "name" : "[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=apache-cvs&m=107869699329638" - }, - { - "name" : "http://www.apacheweek.com/features/security-20", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/features/security-20" - }, - { - "name" : "APPLE-SA-2004-05-03", - "refsource" : "APPLE", - "url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2" - }, - { - "name" : "CLSA-2004:839", - "refsource" : "CONECTIVA", - "url" : 
"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839" - }, - { - "name" : "GLSA-200403-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-04.xml" - }, - { - "name" : "SSRT4717", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=108731648532365&w=2" - }, - { - "name" : "MDKSA-2004:043", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043" - }, - { - "name" : "RHSA-2004:084", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-084.html" - }, - { - "name" : "RHSA-2004:182", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-182.html" - }, - { - "name" : "2004-0017", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0017" - }, - { - "name" : "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108034113406858&w=2" - }, - { - "name" : "apache-modssl-plain-dos(15419)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15419" - }, - { - "name" : "9826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9826" - }, - { - "name" : "4182", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4182" - }, - { - "name" : "oval:org.mitre.oval:def:876", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-05-03", + "refsource": "APPLE", + "url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2" + }, + { + "name": "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108034113406858&w=2" + }, + { + "name": "SSRT4717", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108731648532365&w=2" + }, + { + "name": "http://www.apacheweek.com/features/security-20", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/features/security-20" + }, + { + "name": "oval:org.mitre.oval:def:876", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876" + }, + { + "name": "RHSA-2004:182", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-182.html" + }, + { + "name": "CLSA-2004:839", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839" + }, + { + "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106", + "refsource": "MISC", + "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106" + }, + { + "name": "9826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9826" + }, + { + "name": "2004-0017", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0017" + }, + { + "name": "RHSA-2004:084", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-084.html" + }, + { + "name": "GLSA-200403-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-04.xml" + }, + { + "name": "apache-modssl-plain-dos(15419)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15419" + }, + { + "name": "MDKSA-2004:043", + "refsource": 
"MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043" + }, + { + "name": "4182", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4182" + }, + { + "name": "[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c", + "refsource": "MLIST", + "url": "http://marc.info/?l=apache-cvs&m=107869699329638" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0347.json b/2004/0xxx/CVE-2004-0347.json index a1ea15b7f70..7f7c32d35b0 100644 --- a/2004/0xxx/CVE-2004-0347.json +++ b/2004/0xxx/CVE-2004-0347.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107826362024112&w=2" - }, - { - "name" : "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.html" - }, - { - "name" : "20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107850564102190&w=2" - }, - { - "name" : "VU#114070", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/114070" - }, - { - "name" : "9791", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9791" - }, - { - "name" : "netscreen-delhomepagecgi-xss(15368)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15368" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#114070", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/114070" + }, + { + "name": "netscreen-delhomepagecgi-xss(15368)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15368" + }, + { + "name": "20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107850564102190&w=2" + }, + { + "name": "9791", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9791" + }, + { + "name": "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107826362024112&w=2" + }, + { + "name": "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0366.json b/2004/0xxx/CVE-2004-0366.json index 9c2ce835be0..b6213181165 100644 --- a/2004/0xxx/CVE-2004-0366.json +++ b/2004/0xxx/CVE-2004-0366.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-469", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-469" - }, - { - "name" : "10266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10266" - }, - { - "name" : "11237", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11237" - }, - { - "name" : "pam-pgsql-sql-injection(15651)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10266" + }, + { + "name": "11237", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11237" + }, + { + "name": "pam-pgsql-sql-injection(15651)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15651" + }, + { + "name": "DSA-469", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-469" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0477.json b/2004/0xxx/CVE-2004-0477.json index 34b8492c4d9..a6b93ee86fd 100644 --- a/2004/0xxx/CVE-2004-0477.json +++ b/2004/0xxx/CVE-2004-0477.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040527 iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=106&type=vulnerabilities&flashstatus=false" - }, - { - "name" : "10426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10426" - }, - { - "name" : "11716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11716" - }, - { - "name" : "3com-officeconnect-gain-access(16267)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/16267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040527 iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=106&type=vulnerabilities&flashstatus=false" + }, + { + "name": "3com-officeconnect-gain-access(16267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16267" + }, + { + "name": "10426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10426" + }, + { + "name": "11716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11716" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0728.json b/2004/0xxx/CVE-2004-0728.json index 8efa2eb4cc0..b4ba0d6e64b 100644 --- a/2004/0xxx/CVE-2004-0728.json +++ b/2004/0xxx/CVE-2004-0728.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040714 [HV-MED] DoS in Microsoft SMS Client", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108983763710315&w=2" - }, - { - "name" : "sms-remote-service-dos(16696)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server 
to read or write to an invalid memory address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040714 [HV-MED] DoS in Microsoft SMS Client", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108983763710315&w=2" + }, + { + "name": "sms-remote-service-dos(16696)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1012.json b/2004/1xxx/CVE-2004-1012.json index 3552cb1d80c..52795b30349 100644 --- a/2004/1xxx/CVE-2004-1012.json +++ b/2004/1xxx/CVE-2004-1012.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110123023521619&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/152004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/152004.html" - }, - { - "name" : "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released", - "refsource" : "MLIST", - "url" : "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143" - }, - { - "name" : "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html", - 
"refsource" : "CONFIRM", - "url" : "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html" - }, - { - "name" : "DSA-597", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-597" - }, - { - "name" : "GLSA-200411-34", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200411-34.xml" - }, - { - "name" : "MDKSA-2004:139", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139" - }, - { - "name" : "USN-31-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-31-1/" - }, - { - "name" : "cyrus-imap-commands-execute-code(18199)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199" - }, - { - "name" : "13274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13274/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-597", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-597" + }, + { + "name": "cyrus-imap-commands-execute-code(18199)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199" + }, + { + "name": "http://security.e-matters.de/advisories/152004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/152004.html" + }, + { + "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html", + "refsource": "CONFIRM", + "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html" + }, + { + "name": "MDKSA-2004:139", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139" + }, + { + "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110123023521619&w=2" + }, + { + "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released", + "refsource": "MLIST", + "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143" + }, + { + "name": "13274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13274/" + }, + { + "name": "GLSA-200411-34", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml" + }, + { + "name": "USN-31-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-31-1/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1077.json b/2004/1xxx/CVE-2004-1077.json index 5cc464dd2d4..0b40aff7657 100644 --- a/2004/1xxx/CVE-2004-1077.json +++ b/2004/1xxx/CVE-2004-1077.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050426 Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities" - }, - { - "name" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650" - }, - { - "name" : "15108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix Program 
Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15108" + }, + { + "name": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650" + }, + { + "name": "20050426 Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1135.json b/2004/1xxx/CVE-2004-1135.json index 45b7af7435f..46970931ea9 100644 --- a/2004/1xxx/CVE-2004-1135.json +++ b/2004/1xxx/CVE-2004-1135.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110177654524819&w=2" - }, - { - "name" : "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029600.html" - }, - { - "name" : "http://www.securiteam.com/exploits/6D00L2KBPG.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/6D00L2KBPG.html" - }, - { - "name" : "wsftp-ftp-commands-bo(18296)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18296" - } - ] - } -} + } + }, + "data_format": "MITRE", 
+ "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wsftp-ftp-commands-bo(18296)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18296" + }, + { + "name": "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110177654524819&w=2" + }, + { + "name": "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029600.html" + }, + { + "name": "http://www.securiteam.com/exploits/6D00L2KBPG.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6D00L2KBPG.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1274.json b/2004/1xxx/CVE-2004-1274.json index 70ac95e7650..6878863e00d 100644 --- a/2004/1xxx/CVE-2004-1274.json +++ b/2004/1xxx/CVE-2004-1274.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt" - }, - { - "name" : "greed-downloadloop-command-execution(18634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "greed-downloadloop-command-execution(18634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18634" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/greed.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/greed.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1306.json b/2004/1xxx/CVE-2004-1306.json index a2354361322..6fd3a02ce66 100644 --- a/2004/1xxx/CVE-2004-1306.json +++ b/2004/1xxx/CVE-2004-1306.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1306", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110383690219440&w=2" - }, - { - "name" : "http://www.xfocus.net/flashsky/icoExp/", - "refsource" : "MISC", - "url" : "http://www.xfocus.net/flashsky/icoExp/" - }, - { - "name" : "12092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12092" - }, - { - "name" : "win-winhlp32-bo(18678)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer 
overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12092" + }, + { + "name": "http://www.xfocus.net/flashsky/icoExp/", + "refsource": "MISC", + "url": "http://www.xfocus.net/flashsky/icoExp/" + }, + { + "name": "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110383690219440&w=2" + }, + { + "name": "win-winhlp32-bo(18678)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1492.json b/2004/1xxx/CVE-2004-1492.json index 083d95fa7d2..0f1f18297e0 100644 --- a/2004/1xxx/CVE-2004-1492.json +++ b/2004/1xxx/CVE-2004-1492.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041027 Crashs in Master of Orion III 1.2.5", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109889705116038&w=2" - }, - { - "name" : "11550", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11550" - }, - { - "name" : "13008", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13008" - }, - { - "name" : "master-of-orion-size-dos(17908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Master of Orion III 1.2.5 and earlier allows remote 
attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041027 Crashs in Master of Orion III 1.2.5", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109889705116038&w=2" + }, + { + "name": "11550", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11550" + }, + { + "name": "13008", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13008" + }, + { + "name": "master-of-orion-size-dos(17908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17908" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1817.json b/2004/1xxx/CVE-2004-1817.json index 476b3fdc7a2..b39eeff0a1a 100644 --- a/2004/1xxx/CVE-2004-1817.json +++ b/2004/1xxx/CVE-2004-1817.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040315 [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107937752811633&w=2" - }, - { - "name" : "9879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9879" - }, - { - "name" : "11135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11135" - }, - { - "name" : "phpnuke-multiple-parameters-xss(15491)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15491" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040315 [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107937752811633&w=2" + }, + { + "name": "phpnuke-multiple-parameters-xss(15491)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15491" + }, + { + "name": "11135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11135" + }, + { + "name": "9879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9879" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1875.json b/2004/1xxx/CVE-2004-1875.json index 9757bdbfd72..f007268923b 100644 --- a/2004/1xxx/CVE-2004-1875.json +++ b/2004/1xxx/CVE-2004-1875.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040330 Exensive cPanel Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108066561608676&w=2" - }, - { - "name" : "http://www.cirt.net/advisories/cpanel_xss.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/cpanel_xss.shtml" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=30", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=30" - }, - { - "name" : "10002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10002" - }, - { - "name" : "21142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/21142" - }, - { - "name" : "ADV-2006-4658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/4658" - }, - { - "name" : "4208", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4208" - }, - { - "name" : "4209", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4209" - }, - { - "name" : "4210", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4210" - }, - { - "name" : "4211", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4211" - }, - { - "name" : "4212", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4212" - }, - { - "name" : "4213", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4213" - }, - { - "name" : "4214", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4214" - }, - { - "name" : "4215", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4215" - }, - { - "name" : "4243", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4243" - }, - { - "name" : "11244", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11244" - }, - { - "name" : "22984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22984" - }, - { - "name" : "cpanel-multiple-scripts-xss(15671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4243", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4243" + }, + { + "name": "20040330 Exensive cPanel Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108066561608676&w=2" + }, + { + "name": "21142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/21142" + }, + { + "name": "11244", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11244" + }, + { + "name": "4215", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4215" + }, + { + "name": "http://www.cirt.net/advisories/cpanel_xss.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/cpanel_xss.shtml" + }, + { + "name": "4210", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4210" + }, + { + "name": "cpanel-multiple-scripts-xss(15671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" + }, + { + "name": "22984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22984" + }, + { + "name": "4211", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4211" + }, + { + "name": "ADV-2006-4658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/4658" + }, + { + "name": "10002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10002" + }, + { + "name": "4212", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4212" + }, + { + "name": "4208", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4208" + }, + { + "name": "4213", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4213" + }, + { + "name": "4214", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4214" + }, + { + "name": "4209", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4209" + }, + { + "name": 
"http://www.aria-security.com/forum/showthread.php?t=30", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=30" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2114.json b/2004/2xxx/CVE-2004-2114.json index e67f9bb9df8..cc1a4e9d259 100644 --- a/2004/2xxx/CVE-2004-2114.json +++ b/2004/2xxx/CVE-2004-2114.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2114", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 ProxyNow! 2.x Multiple Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107515550931508&w=2" - }, - { - "name" : "9500", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9500" - }, - { - "name" : "proxynow-get-bo(14955)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "proxynow-get-bo(14955)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14955" + }, + { + "name": "20040126 ProxyNow! 2.x Multiple Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107515550931508&w=2" + }, + { + "name": "9500", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9500" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2121.json b/2004/2xxx/CVE-2004-2121.json index 2201f1d8901..97daaacd797 100644 --- a/2004/2xxx/CVE-2004-2121.json +++ b/2004/2xxx/CVE-2004-2121.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2121", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot \"......\" sequences, or (2) \"%5c%2e%2e\" (encoded \"\\..\") sequences, in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2121", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 BWS v1.0b3 Directory Transversal Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107497413413907&w=2" - }, - { - "name" : "9486", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9486" - }, - { - "name" : "1008840", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008840" - }, - { - "name" : "bws-directory-traversal(14948)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14948" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot \"......\" sequences, or (2) \"%5c%2e%2e\" (encoded \"\\..\") sequences, in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9486", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9486" + }, + { + "name": "1008840", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008840" + }, + { + "name": "bws-directory-traversal(14948)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14948" + }, + { + "name": "20040124 BWS v1.0b3 Directory Transversal Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107497413413907&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2144.json b/2004/2xxx/CVE-2004-2144.json index 3777b3ba684..324dcc65e34 100644 --- a/2004/2xxx/CVE-2004-2144.json +++ b/2004/2xxx/CVE-2004-2144.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1011416", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011416" - }, - { - "name" : "12649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12649/" - }, - { - "name" : "baal-admin-password-modify(17499)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "baal-admin-password-modify(17499)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17499" + }, + { + "name": "12649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12649/" + }, + { + "name": "1011416", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011416" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2330.json b/2004/2xxx/CVE-2004-2330.json index 29e64efe8d9..c3301e8678e 100644 --- a/2004/2xxx/CVE-2004-2330.json +++ b/2004/2xxx/CVE-2004-2330.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2330", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2330", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html" - }, - { - "name" : "9522", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9522" - }, - { - "name" : "10743", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10743/" - }, - { - "name" : "coldfusion-mx-request-dos(14983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a 
denial of service via an HTTP request containing a large number of form fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html" + }, + { + "name": "9522", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9522" + }, + { + "name": "coldfusion-mx-request-dos(14983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983" + }, + { + "name": "10743", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10743/" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2343.json b/2004/2xxx/CVE-2004-2343.json index f52fc1fba8c..fec7897c62d 100644 --- a/2004/2xxx/CVE-2004-2343.json +++ b/2004/2xxx/CVE-2004-2343.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html" - }, - { - "name" : "20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html" - }, - { - "name" : "20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)", - "refsource" : "BUGTRAQ", - "url" : 
"http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html" - }, - { - "name" : "apache-httpd-bypass-restriction(15015)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html" + }, + { + "name": "20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html" + }, + { + "name": "apache-httpd-bypass-restriction(15015)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15015" + }, + { + "name": "20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2405.json b/2004/2xxx/CVE-2004-2405.json index cca1eab3600..58f887fa856 100644 --- a/2004/2xxx/CVE-2004-2405.json +++ b/2004/2xxx/CVE-2004-2405.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/security/fsc-2004-1.shtml", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/security/fsc-2004-1.shtml" - }, - { - "name" : "11712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11712" - }, - { - "name" : "fsecure-lha-archive-bo(16258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and 
earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.f-secure.com/security/fsc-2004-1.shtml", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/security/fsc-2004-1.shtml" + }, + { + "name": "11712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11712" + }, + { + "name": "fsecure-lha-archive-bo(16258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16258" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2072.json b/2008/2xxx/CVE-2008-2072.json index 5db1b3a3a57..70a4c3bd135 100644 --- a/2008/2xxx/CVE-2008-2072.json +++ b/2008/2xxx/CVE-2008-2072.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080501 vlBook 1.21 (ALL VERSION)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491519/100/0/threaded" - }, - { - "name" : "5529", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5529" - }, - { - "name" : "29006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29006" - }, - { - "name" : "30046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30046" - }, - { - "name" : "3854", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3854" - }, - { - "name" : "vlbook-l-xss(42126)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42126" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3854", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3854" + }, + { + "name": "20080501 vlBook 1.21 (ALL VERSION)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491519/100/0/threaded" + }, + { + "name": "30046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30046" + }, + { + "name": "5529", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5529" + }, + { + "name": "29006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29006" + }, + { + "name": "vlbook-l-xss(42126)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42126" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2107.json b/2008/2xxx/CVE-2008-2107.json index 3aad21bdc55..9cb909d0f66 100644 --- a/2008/2xxx/CVE-2008-2107.json +++ b/2008/2xxx/CVE-2008-2107.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2107", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491683/100/0/threaded" - }, - { - "name" : "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html" - }, - { - "name" : "http://www.sektioneins.de/advisories/SE-2008-02.txt", - "refsource" : "MISC", - "url" : 
"http://www.sektioneins.de/advisories/SE-2008-02.txt" - }, - { - "name" : "DSA-1789", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1789" - }, - { - "name" : "FEDORA-2008-3606", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html" - }, - { - "name" : "FEDORA-2008-3864", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html" - }, - { - "name" : "GLSA-200811-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml" - }, - { - "name" : "MDVSA-2008:125", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125" - }, - { - "name" : "MDVSA-2008:126", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126" - }, - { - "name" : "MDVSA-2008:127", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127" - }, - { - "name" : "MDVSA-2008:128", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128" - }, - { - "name" : "MDVSA-2008:129", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:129" - }, - { - "name" : "MDVSA-2008:130", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130" - }, - { - "name" : "RHSA-2008:0505", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0505.html" - }, - { - "name" : "RHSA-2008:0544", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0544.html" - }, - { - "name" : "RHSA-2008:0545", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0545.html" - }, - { - "name" : "RHSA-2008:0546", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0546.html" - 
}, - { - "name" : "RHSA-2008:0582", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0582.html" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "USN-628-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-628-1" - }, - { - "name" : "oval:org.mitre.oval:def:10644", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644" - }, - { - "name" : "30757", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30757" - }, - { - "name" : "30828", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30828" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "31119", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31119" - }, - { - "name" : "31124", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31124" - }, - { - "name" : "31200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31200" - }, - { - "name" : "35003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35003" - }, - { - "name" : "32746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32746" - }, - { - "name" : "3859", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3859" - }, - { - "name" : "php-generateseed-weak-security(42226)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42226" - }, - { - "name" : "php-generateseed-security-bypass(42284)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42284" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2008-3606", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html" + }, + { + "name": "32746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32746" + }, + { + "name": "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html" + }, + { + "name": "GLSA-200811-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml" + }, + { + "name": "RHSA-2008:0546", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html" + }, + { + "name": "FEDORA-2008-3864", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html" + }, + { + "name": "30828", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30828" + }, + { + "name": "MDVSA-2008:128", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128" + }, + { + "name": "3859", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3859" + }, + { + "name": "RHSA-2008:0582", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html" + }, + { + "name": "USN-628-1", + "refsource": "UBUNTU", + "url": 
"http://www.ubuntu.com/usn/usn-628-1" + }, + { + "name": "RHSA-2008:0545", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html" + }, + { + "name": "php-generateseed-weak-security(42226)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42226" + }, + { + "name": "31124", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31124" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "31119", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31119" + }, + { + "name": "MDVSA-2008:129", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:129" + }, + { + "name": "31200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31200" + }, + { + "name": "30757", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30757" + }, + { + "name": "RHSA-2008:0544", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "35003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35003" + }, + { + "name": "MDVSA-2008:125", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125" + }, + { + "name": "RHSA-2008:0505", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html" + }, + { + "name": "MDVSA-2008:130", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130" + }, + { + "name": "MDVSA-2008:126", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126" + }, + { + "name": "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability", 
+ "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491683/100/0/threaded" + }, + { + "name": "php-generateseed-security-bypass(42284)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42284" + }, + { + "name": "MDVSA-2008:127", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127" + }, + { + "name": "http://www.sektioneins.de/advisories/SE-2008-02.txt", + "refsource": "MISC", + "url": "http://www.sektioneins.de/advisories/SE-2008-02.txt" + }, + { + "name": "oval:org.mitre.oval:def:10644", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644" + }, + { + "name": "DSA-1789", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1789" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2504.json b/2008/2xxx/CVE-2008-2504.json index 4de09917b5c..c5417e34171 100644 --- a/2008/2xxx/CVE-2008-2504.json +++ b/2008/2xxx/CVE-2008-2504.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5665", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5665" - }, - { - "name" : "29333", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29333" - }, - { - "name" : "ADV-2008-1658", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1658" - }, - { - "name" : "netbutik-netbutik-product-sql-injection(42572)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42572" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Simpel Side 
Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netbutik-netbutik-product-sql-injection(42572)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42572" + }, + { + "name": "ADV-2008-1658", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1658" + }, + { + "name": "29333", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29333" + }, + { + "name": "5665", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5665" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2671.json b/2008/2xxx/CVE-2008-2671.json index 6214c7ec5cd..baa168eaa79 100644 --- a/2008/2xxx/CVE-2008-2671.json +++ b/2008/2xxx/CVE-2008-2671.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493220/100/0/threaded" - }, - { - "name" : "5772", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5772" - }, - { - "name" : "http://chroot.org/exploits/chroot_uu_008", - "refsource" : "MISC", - "url" : "http://chroot.org/exploits/chroot_uu_008" - }, - { - "name" : "29627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29627" - }, - { - "name" : "3939", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3939" - }, - { - "name" : "dcfmblog-comments-sql-injection(42976)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3939", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3939" + }, + { + "name": "5772", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5772" + }, + { + "name": "20080610 [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493220/100/0/threaded" + }, + { + "name": "http://chroot.org/exploits/chroot_uu_008", + "refsource": "MISC", + "url": "http://chroot.org/exploits/chroot_uu_008" + }, + { + "name": "dcfmblog-comments-sql-injection(42976)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42976" + }, + { + "name": "29627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29627" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2715.json b/2008/2xxx/CVE-2008-2715.json index 25cf4478e5d..95a9b503129 100644 --- a/2008/2xxx/CVE-2008-2715.json +++ b/2008/2xxx/CVE-2008-2715.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2715", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2715", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/linux/950/#security", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/linux/950/#security" - }, - { - "name" : "http://www.opera.com/docs/changelogs/windows/950/#security", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/windows/950/#security" - }, - { - "name" : "http://www.opera.com/support/search/view/883/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/search/view/883/" - }, - { - "name" : "SUSE-SA:2008:029", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html" - }, - { - "name" : "29684", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29684" - }, - { - "name" : 
"ADV-2008-1812", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1812" - }, - { - "name" : "1020291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020291" - }, - { - "name" : "30636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30636" - }, - { - "name" : "30682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30682" - }, - { - "name" : "opera-html-canvas-info-disclosure(43032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29684", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29684" + }, + { + "name": "ADV-2008-1812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1812" + }, + { + "name": "http://www.opera.com/docs/changelogs/windows/950/#security", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/windows/950/#security" + }, + { + "name": "http://www.opera.com/support/search/view/883/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/search/view/883/" + }, + { + "name": "SUSE-SA:2008:029", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html" + }, + { + "name": "opera-html-canvas-info-disclosure(43032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43032" + }, + { + "name": 
"http://www.opera.com/docs/changelogs/linux/950/#security", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/linux/950/#security" + }, + { + "name": "1020291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020291" + }, + { + "name": "30682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30682" + }, + { + "name": "30636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30636" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2792.json b/2008/2xxx/CVE-2008-2792.json index b8330322828..3dcb4886d87 100644 --- a/2008/2xxx/CVE-2008-2792.json +++ b/2008/2xxx/CVE-2008-2792.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5846", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5846" - }, - { - "name" : "29781", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29781" - }, - { - "name" : "30723", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30723" - }, - { - "name" : "erocms-index-sql-injection(43157)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29781", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29781" + }, + { + "name": "5846", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5846" + }, + { + "name": "30723", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30723" + }, + { + "name": "erocms-index-sql-injection(43157)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43157" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2921.json b/2008/2xxx/CVE-2008-2921.json index 99fe77c6ae4..e17ace2d755 100644 --- a/2008/2xxx/CVE-2008-2921.json +++ b/2008/2xxx/CVE-2008-2921.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5819", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5819" - }, - { - "name" : "http://ezcms.eztechhelp.com/index.php?page=3&nid=27", - "refsource" : "CONFIRM", - "url" : "http://ezcms.eztechhelp.com/index.php?page=3&nid=27" - }, - { - "name" : "29737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29737" - }, - { - "name" : "30674", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30674" - }, - { - "name" : "ezcms-page-sql-injection(43086)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30674", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30674" + }, + { + "name": "29737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29737" + }, + { + "name": "http://ezcms.eztechhelp.com/index.php?page=3&nid=27", + "refsource": "CONFIRM", + "url": "http://ezcms.eztechhelp.com/index.php?page=3&nid=27" + }, + { + "name": "ezcms-page-sql-injection(43086)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43086" + }, + { + "name": "5819", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5819" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6095.json b/2008/6xxx/CVE-2008-6095.json index 3df1a9591f5..93b923081cc 100644 --- a/2008/6xxx/CVE-2008-6095.json +++ b/2008/6xxx/CVE-2008-6095.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2760", - "refsource" : "MISC", - "url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2760" - }, - { - "name" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html", - "refsource" : "CONFIRM", - "url" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html" - }, - { - "name" : "31539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31539" - }, - { - "name" : "32101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32101" - }, - { - "name" : "opennms-viewname-xss(45616)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760", + "refsource": "MISC", + "url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760" + }, + { + "name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html", + "refsource": "CONFIRM", + "url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html" + }, + { + "name": "opennms-viewname-xss(45616)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616" + }, + { + "name": "31539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31539" + }, + { + "name": "32101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32101" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6188.json b/2008/6xxx/CVE-2008-6188.json index b21289c5076..bb13be333d4 100644 --- a/2008/6xxx/CVE-2008-6188.json +++ b/2008/6xxx/CVE-2008-6188.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6188", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6188", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6708", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6708" - }, - { - "name" : "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105", - "refsource" : "CONFIRM", - "url" : "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105" - }, - { - "name" : "31674", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31674" - }, - { - "name" : "32217", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32217" - }, - { - "name" : "gforge-skilledit-sql-injection(48851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105", + "refsource": "CONFIRM", + "url": "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105" + }, + { + "name": "32217", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32217" + }, + { + "name": "gforge-skilledit-sql-injection(48851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48851" + }, + { + "name": "31674", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31674" + }, + { + "name": "6708", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6708" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6240.json b/2008/6xxx/CVE-2008-6240.json index 3f256709b03..26cd0e35959 100644 --- a/2008/6xxx/CVE-2008-6240.json +++ b/2008/6xxx/CVE-2008-6240.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/95/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/95/45/" - }, - { - "name" : "33063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33063" - }, - { - "name" : "51028", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/51028" - }, - { - "name" : "33296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33296" - }, - { - "name" : "openeditdam-catalogid-xss(47692)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47692" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33296" + }, + { + "name": "33063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33063" + }, + { + "name": "http://holisticinfosec.org/content/view/95/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/95/45/" + }, + { + "name": "51028", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/51028" + }, + { + "name": "openeditdam-catalogid-xss(47692)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47692" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6317.json b/2008/6xxx/CVE-2008-6317.json index b6ff6ed21d0..b379c0d9853 100644 --- a/2008/6xxx/CVE-2008-6317.json +++ b/2008/6xxx/CVE-2008-6317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7399", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7399" - }, - { - "name" : "32723", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32723" - }, - { - "name" : "phpmygallery-commontpl-file-include(47171)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta 
allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmygallery-commontpl-file-include(47171)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47171" + }, + { + "name": "32723", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32723" + }, + { + "name": "7399", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7399" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6500.json b/2008/6xxx/CVE-2008-6500.json index 5b04946c2e6..eefbb9960c7 100644 --- a/2008/6xxx/CVE-2008-6500.json +++ b/2008/6xxx/CVE-2008-6500.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6500", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6500", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt" - }, - { - "name" : "32568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32568" - }, - { - "name" : "aspshoppingcartscript-unspecified-xss(47003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script 
or HTML via the query string to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aspshoppingcartscript-unspecified-xss(47003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003" + }, + { + "name": "32568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32568" + }, + { + "name": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6623.json b/2008/6xxx/CVE-2008-6623.json index caf64ccf68e..dabc2058ccb 100644 --- a/2008/6xxx/CVE-2008-6623.json +++ b/2008/6xxx/CVE-2008-6623.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6989", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6989" - }, - { - "name" : "32108", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32108" - }, - { - "name" : "49824", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49824" - }, - { - "name" : "32494", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32494" - }, - { - "name" : "postcard-getin-sql-injection(46359)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46359" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability 
in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32108", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32108" + }, + { + "name": "32494", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32494" + }, + { + "name": "6989", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6989" + }, + { + "name": "49824", + "refsource": "OSVDB", + "url": "http://osvdb.org/49824" + }, + { + "name": "postcard-getin-sql-injection(46359)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46359" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6816.json b/2008/6xxx/CVE-2008-6816.json index 86066d2142c..0069c2cfbd0 100644 --- a/2008/6xxx/CVE-2008-6816.json +++ b/2008/6xxx/CVE-2008-6816.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081027 n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497824/100/100/threaded" - }, - { - "name" : "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php", - "refsource" : "MISC", - "url" : "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php" - }, - { - "name" : "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt", - "refsource" : "CONFIRM", - "url" : 
"http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt" - }, - { - "name" : "31933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31933" - }, - { - "name" : "50051", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50051" - }, - { - "name" : "32456", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32456" - }, - { - "name" : "mge-paneactionbutton-code-execution(46131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php", + "refsource": "MISC", + "url": "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php" + }, + { + "name": "mge-paneactionbutton-code-execution(46131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46131" + }, + { + "name": "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt", + "refsource": "CONFIRM", + "url": "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt" + }, + { + "name": "20081027 n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497824/100/100/threaded" + }, + { + "name": 
"31933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31933" + }, + { + "name": "32456", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32456" + }, + { + "name": "50051", + "refsource": "OSVDB", + "url": "http://osvdb.org/50051" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6952.json b/2008/6xxx/CVE-2008-6952.json index 787a91f03e8..2b805f2058a 100644 --- a/2008/6xxx/CVE-2008-6952.json +++ b/2008/6xxx/CVE-2008-6952.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7162", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7162" - }, - { - "name" : "32364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32364" - }, - { - "name" : "49963", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49963" - }, - { - "name" : "32787", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32787" - }, - { - "name" : "ADV-2008-3216", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3216" - }, - { - "name" : "maurycms-rss-sql-injection(46738)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46738" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7162", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7162" + }, + { + "name": "maurycms-rss-sql-injection(46738)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46738" + }, + { + "name": "32364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32364" + }, + { + "name": "32787", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32787" + }, + { + "name": "ADV-2008-3216", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3216" + }, + { + "name": "49963", + "refsource": "OSVDB", + "url": "http://osvdb.org/49963" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7108.json b/2008/7xxx/CVE-2008-7108.json index a8140cf1406..493c75379ed 100644 --- a/2008/7xxx/CVE-2008-7108.json +++ b/2008/7xxx/CVE-2008-7108.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495806/100/0/threaded" - }, - { - "name" : "30884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30884" - }, - { - "name" : "phpcart-phpcart-xss(44760)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44760" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495806/100/0/threaded" + }, + { + "name": "phpcart-phpcart-xss(44760)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44760" + }, + { + "name": "30884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30884" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7249.json b/2008/7xxx/CVE-2008-7249.json index 1728f4a927a..32c2aadb8be 100644 --- a/2008/7xxx/CVE-2008-7249.json +++ b/2008/7xxx/CVE-2008-7249.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080302 Squid Analysis Report Generator <= 2.2.3.1 buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/489018/100/0/threaded" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=581212", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=581212" - }, - { - "name" : "ADV-2008-0749", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0749" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow 
in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=581212", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=581212" + }, + { + "name": "ADV-2008-0749", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0749" + }, + { + "name": "20080302 Squid Analysis Report Generator <= 2.2.3.1 buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/489018/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1978.json b/2012/1xxx/CVE-2012-1978.json index 0db9f9ac8d1..109c87b9ac2 100644 --- a/2012/1xxx/CVE-2012-1978.json +++ b/2012/1xxx/CVE-2012-1978.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html" - }, - { - "name" : "http://www.webapp-security.com/2012/03/simple-php-agenda/", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/2012/03/simple-php-agenda/" - }, - { - "name" : 
"http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt", - "refsource" : "MISC", - "url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt" - }, - { - "name" : "74778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/74778" - }, - { - "name" : "80793", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.webapp-security.com/2012/03/simple-php-agenda/", + "refsource": "MISC", + "url": "http://www.webapp-security.com/2012/03/simple-php-agenda/" + }, + { + "name": "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html" + }, + { + "name": "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt", + "refsource": "MISC", + "url": "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt" + }, + { + "name": "74778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/74778" + }, + { + "name": "80793", + "refsource": "OSVDB", + "url": "http://osvdb.org/80793" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5239.json b/2012/5xxx/CVE-2012-5239.json index 62e8fa2a52d..f4b93256ef9 100644 --- a/2012/5xxx/CVE-2012-5239.json +++ b/2012/5xxx/CVE-2012-5239.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5239", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5239", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5449.json b/2012/5xxx/CVE-2012-5449.json index 44c5aa41dd9..5e38b4fa86a 100644 --- a/2012/5xxx/CVE-2012-5449.json +++ b/2012/5xxx/CVE-2012-5449.json 
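Review bot: CVE-2012-5239 is written with a different key order from the other records in this patch. The new side puts `"data_type"`, `"data_format"`, `"data_version"` ahead of `"CVE_data_meta"` and lists `"ID"` before `"ASSIGNER"`, while the neighbouring files keep `"CVE_data_meta"` first with `"ASSIGNER"`, `"ID"`, `"STATE"`. Key order carries no meaning in JSON, but the inconsistency suggests this record went through a different serializer (an inference), and it adds churn to a REJECT entry whose values are unchanged. Writing it in the same sorted order as the rest would leave only the spacing change.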
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5449", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5449", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5552.json b/2012/5xxx/CVE-2012-5552.json index afc79240896..26440d2925b 100644 --- a/2012/5xxx/CVE-2012-5552.json +++ b/2012/5xxx/CVE-2012-5552.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to \"client-side password history checks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1828340", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1828340" - }, - { - "name" : "http://drupal.org/node/1828130", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1828130" - }, - { - "name" : "http://drupal.org/node/1828142", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1828142" - }, - { - "name" : "56350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to \"client-side password history checks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56350" + }, + { + "name": "http://drupal.org/node/1828130", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1828130" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + }, + { + "name": "http://drupal.org/node/1828340", + "refsource": "MISC", + "url": "http://drupal.org/node/1828340" + }, + { + "name": "http://drupal.org/node/1828142", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1828142" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5575.json b/2012/5xxx/CVE-2012-5575.json index 4e9cc04ae46..5cdd78cec45 100644 --- a/2012/5xxx/CVE-2012-5575.json +++ b/2012/5xxx/CVE-2012-5575.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", - "refsource" : "MISC", - "url" : "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/" - }, - { - "name" : "http://cxf.apache.org/cve-2012-5575.html", - "refsource" : "CONFIRM", - "url" : "http://cxf.apache.org/cve-2012-5575.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880443", - "refsource" : "CONFIRM", - "url" : 
"https://bugzilla.redhat.com/show_bug.cgi?id=880443" - }, - { - "name" : "RHSA-2013:0873", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0873.html" - }, - { - "name" : "RHSA-2013:0874", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0874.html" - }, - { - "name" : "RHSA-2013:0876", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0876.html" - }, - { - "name" : "RHSA-2013:0943", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0943.html" - }, - { - "name" : "RHSA-2013:1143", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1143.html" - }, - { - "name" : "RHSA-2013:1028", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1028.html" - }, - { - "name" : "RHSA-2013:0875", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0875.html" - }, - { - "name" : "RHSA-2013:0833", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html" - }, - { - "name" : "RHSA-2013:0834", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0834.html" - }, - { - "name" : "RHSA-2013:0839", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0839.html" - }, - { - "name" : "RHSA-2013:1437", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" - }, - { - "name" : "60043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60043" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic 
algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0943", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0943.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880443", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880443" + }, + { + "name": "RHSA-2013:0839", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0839.html" + }, + { + "name": "RHSA-2013:0875", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0875.html" + }, + { + "name": "60043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60043" + }, + { + "name": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/", + "refsource": "MISC", + "url": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/" + }, + { + "name": "RHSA-2013:0833", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" + }, + { + "name": "RHSA-2013:1437", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" + }, + { + "name": "http://cxf.apache.org/cve-2012-5575.html", + "refsource": "CONFIRM", + "url": "http://cxf.apache.org/cve-2012-5575.html" + }, + { + "name": "RHSA-2013:1143", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1143.html" + }, + { + "name": "RHSA-2013:0876", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0876.html" + }, + { + "name": "RHSA-2013:1028", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html" + }, + { + "name": "RHSA-2013:0834", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2013-0834.html" + }, + { + "name": "RHSA-2013:0873", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0873.html" + }, + { + "name": "RHSA-2013:0874", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0874.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5638.json b/2012/5xxx/CVE-2012-5638.json index 83a0e33ef1b..fea9b9434c5 100644 --- a/2012/5xxx/CVE-2012-5638.json +++ b/2012/5xxx/CVE-2012-5638.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=887010", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=887010" - }, - { - "name" : "RHSA-2013:0691", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0691.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write 
operations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0691", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=887010", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=887010" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5926.json b/2012/5xxx/CVE-2012-5926.json index 2c45c174412..a1e4e1cef7d 100644 --- a/2012/5xxx/CVE-2012-5926.json +++ b/2012/5xxx/CVE-2012-5926.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5926", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5926", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5997.json b/2012/5xxx/CVE-2012-5997.json index 895f2a198da..f70068d9688 100644 --- a/2012/5xxx/CVE-2012-5997.json +++ b/2012/5xxx/CVE-2012-5997.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5997", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5997", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11104.json b/2017/11xxx/CVE-2017-11104.json index 53b21aa102b..c9c879be227 100644 --- a/2017/11xxx/CVE-2017-11104.json +++ b/2017/11xxx/CVE-2017-11104.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11104", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf", - "refsource" : "MISC", - "url" : "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf" - }, - { - "name" : "https://bugs.debian.org/865678", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/865678" - }, - { - "name" : "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html", - "refsource" : "MISC", - "url" : "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html" - }, - { - "name" : "DSA-3910", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3910" - }, - { - "name" : 
"99598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3910", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3910" + }, + { + "name": "99598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99598" + }, + { + "name": "https://bugs.debian.org/865678", + "refsource": "MISC", + "url": "https://bugs.debian.org/865678" + }, + { + "name": "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf", + "refsource": "MISC", + "url": "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf" + }, + { + "name": "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html", + "refsource": "MISC", + "url": "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11317.json b/2017/11xxx/CVE-2017-11317.json index a1cf5940fee..5556591921f 100644 --- a/2017/11xxx/CVE-2017-11317.json +++ b/2017/11xxx/CVE-2017-11317.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43874/" - }, - { - "name" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload", - "refsource" : "CONFIRM", - "url" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload" - }, - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006", - "refsource" : "CONFIRM", - "url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", 
+ "value": "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43874/" + }, + { + "name": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload", + "refsource": "CONFIRM", + "url": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload" + }, + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11453.json b/2017/11xxx/CVE-2017-11453.json index 8f37d79a562..aba9c825fa2 100644 --- a/2017/11xxx/CVE-2017-11453.json +++ b/2017/11xxx/CVE-2017-11453.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11475.json b/2017/11xxx/CVE-2017-11475.json index de0d48432e0..f3128dba56f 100644 --- a/2017/11xxx/CVE-2017-11475.json +++ b/2017/11xxx/CVE-2017-11475.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/glpi-project/glpi/issues/2476", - "refsource" : "CONFIRM", - "url" : "https://github.com/glpi-project/glpi/issues/2476" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/glpi-project/glpi/issues/2476", + "refsource": "CONFIRM", + "url": "https://github.com/glpi-project/glpi/issues/2476" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11657.json b/2017/11xxx/CVE-2017-11657.json index f273fe2312f..762cb5dce12 100644 --- a/2017/11xxx/CVE-2017-11657.json +++ b/2017/11xxx/CVE-2017-11657.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\\Dashlane directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.securiteam.com/index.php/archives/3357", - "refsource" : "MISC", - "url" : "https://blogs.securiteam.com/index.php/archives/3357" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\\Dashlane directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.securiteam.com/index.php/archives/3357", + "refsource": "MISC", + "url": "https://blogs.securiteam.com/index.php/archives/3357" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11705.json b/2017/11xxx/CVE-2017-11705.json index 512c95d7897..60555bc955d 100644 --- a/2017/11xxx/CVE-2017-11705.json +++ b/2017/11xxx/CVE-2017-11705.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html", - "refsource" : "MISC", - "url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html" - }, - { - "name" : "https://github.com/libming/libming/issues/71", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/71" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/71", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/71" + }, + { + "name": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html", + "refsource": "MISC", + "url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11735.json b/2017/11xxx/CVE-2017-11735.json index e4ff3fc5a1d..fe162fb3f94 100644 --- a/2017/11xxx/CVE-2017-11735.json +++ b/2017/11xxx/CVE-2017-11735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11735", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11735", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15241.json b/2017/15xxx/CVE-2017-15241.json index 36bc527608d..34be540cffb 100644 --- a/2017/15xxx/CVE-2017-15241.json +++ b/2017/15xxx/CVE-2017-15241.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at 
PDF!xmlParserInputRead+0x00000000000929f5.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15300.json b/2017/15xxx/CVE-2017-15300.json index 63333397714..df55490607d 100644 --- a/2017/15xxx/CVE-2017-15300.json +++ b/2017/15xxx/CVE-2017-15300.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970", - "refsource" : "MISC", - "url" : "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970" - }, - { - "name" : "https://www.legacysecuritygroup.com/cve-2017-15300.html", - "refsource" : "MISC", - "url" : "https://www.legacysecuritygroup.com/cve-2017-15300.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The miner statistics HTTP 
API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.legacysecuritygroup.com/cve-2017-15300.html", + "refsource": "MISC", + "url": "https://www.legacysecuritygroup.com/cve-2017-15300.html" + }, + { + "name": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970", + "refsource": "MISC", + "url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15593.json b/2017/15xxx/CVE-2017-15593.json index d85b1bc761d..6931570a591 100644 --- a/2017/15xxx/CVE-2017-15593.json +++ b/2017/15xxx/CVE-2017-15593.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html" - }, - { - "name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" - }, - { - "name" : "https://xenbits.xen.org/xsa/advisory-242.html", - "refsource" : "CONFIRM", - "url" : "https://xenbits.xen.org/xsa/advisory-242.html" - }, - { - "name" : "https://support.citrix.com/article/CTX228867", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX228867" - }, - { - "name" : "DSA-4050", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2017/dsa-4050" - }, - { - "name" : "GLSA-201801-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-14" - }, - { - "name" : "1039568", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039568" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" + }, + { + "name": "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html" + }, + { + "name": "DSA-4050", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4050" + }, + { + "name": "https://support.citrix.com/article/CTX228867", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX228867" + }, + { + "name": "https://xenbits.xen.org/xsa/advisory-242.html", + "refsource": "CONFIRM", + "url": "https://xenbits.xen.org/xsa/advisory-242.html" + }, + { + "name": "GLSA-201801-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-14" + }, + { + "name": "1039568", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039568" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15653.json b/2017/15xxx/CVE-2017-15653.json index 49015c8a89d..cafb2bc2501 100644 
--- a/2017/15xxx/CVE-2017-15653.json +++ b/2017/15xxx/CVE-2017-15653.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180116 Multiple vulnerabilities in all versions of ASUS routers", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/63" - }, - { - "name" : "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper administrator IP validation after his 
login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180116 Multiple vulnerabilities in all versions of ASUS routers", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jan/63" + }, + { + "name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15769.json b/2017/15xxx/CVE-2017-15769.json index 08ebc748e25..fbc1d1e99dd 100644 --- a/2017/15xxx/CVE-2017-15769.json +++ b/2017/15xxx/CVE-2017-15769.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to \"Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to \"Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + 
] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15962.json b/2017/15xxx/CVE-2017-15962.json index f913755e178..58789595ca6 100644 --- a/2017/15xxx/CVE-2017-15962.json +++ b/2017/15xxx/CVE-2017-15962.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15962", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iStock Management System 1.0 allows Arbitrary File Upload via user/profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15962", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43097", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43097/" - }, - { - "name" : "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iStock Management System 1.0 allows Arbitrary File Upload via user/profile." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html" + }, + { + "name": "43097", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43097/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3009.json b/2017/3xxx/CVE-2017-3009.json index 0a4dd29d6ea..dcd48ad4ea3 100644 --- a/2017/3xxx/CVE-2017-3009.json +++ b/2017/3xxx/CVE-2017-3009.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3009", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "97302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97302" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3037.json b/2017/3xxx/CVE-2017-3037.json index 80658192179..d69597edb17 100644 --- a/2017/3xxx/CVE-2017-3037.json +++ b/2017/3xxx/CVE-2017-3037.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3262.json b/2017/3xxx/CVE-2017-3262.json index 28e7b42c458..b8ce435fd8c 100644 --- a/2017/3xxx/CVE-2017-3262.json +++ b/2017/3xxx/CVE-2017-3262.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java SE", - "version" : { - "version_data" : [ - { - "version_value" : "8u112" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE", + "version": { + "version_data": [ + { + "version_value": "8u112" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name" : "GLSA-201701-65", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-65" - }, - { - "name" : "RHSA-2017:0175", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" - }, - { - "name" : "95578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95578" - }, - { - "name" : "1037637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" + }, + { + "name": "1037637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037637" + }, + { + "name": "95578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95578" + }, + { + "name": "RHSA-2017:0175", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3317.json b/2017/3xxx/CVE-2017-3317.json index 7c3c8c8744c..27ab8b85e6d 100644 --- a/2017/3xxx/CVE-2017-3317.json +++ b/2017/3xxx/CVE-2017-3317.json 
@@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.53 and earlier" - }, - { - "version_value" : "5.6.34 and earlier" - }, - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.5.53 and earlier" + }, + { + "version_value": "5.6.34 and earlier" + }, + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "DSA-3767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3767" - }, - { - "name" : "DSA-3770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3770" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "GLSA-201702-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-18" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - 
"name" : "95585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95585" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "GLSA-201702-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-18" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "95585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95585" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3767" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "DSA-3770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3770" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3347.json b/2017/3xxx/CVE-2017-3347.json index 4effc2c9ec5..8eabd6ab6cf 100644 --- a/2017/3xxx/CVE-2017-3347.json +++ b/2017/3xxx/CVE-2017-3347.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "98060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: 
User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "98060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98060" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8153.json b/2017/8xxx/CVE-2017-8153.json index b9689b7a2d7..eb366d64e4a 100644 --- a/2017/8xxx/CVE-2017-8153.json +++ b/2017/8xxx/CVE-2017-8153.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "VMall (for Android)", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before VMall 1.5.8.5" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VMall (for Android)", + "version": { + "version_data": [ + { + "version_value": "The versions before VMall 1.5.8.5" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8278.json b/2017/8xxx/CVE-2017-8278.json index 65cec7d39ff..24343530403 100644 --- a/2017/8xxx/CVE-2017-8278.json +++ b/2017/8xxx/CVE-2017-8278.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8477.json b/2017/8xxx/CVE-2017-8477.json index 280a3f67e3b..09cc3a04ee8 100644 --- a/2017/8xxx/CVE-2017-8477.json +++ b/2017/8xxx/CVE-2017-8477.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42230", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42230/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477" - }, - { - "name" : "98854", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98854" - }, - { - "name" : "1038659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98854", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98854" + }, + { + "name": "1038659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038659" + }, + { + "name": "42230", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42230/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8513.json b/2017/8xxx/CVE-2017-8513.json index c40f0354778..959665e21f1 100644 --- a/2017/8xxx/CVE-2017-8513.json +++ b/2017/8xxx/CVE-2017-8513.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8513", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft PowerPoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft PowerPoint 2007 Service Pack 3 and Microsoft SharePoint Server 2007 Service Pack 3." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft PowerPoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft PowerPoint 2007 Service Pack 3 and Microsoft SharePoint Server 2007 Service Pack 3." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513" - }, - { - "name" : "98830", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98830" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98830", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98830" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8810.json b/2017/8xxx/CVE-2017-8810.json index 2be5d266372..577f8fa7cfb 100644 --- a/2017/8xxx/CVE-2017-8810.json +++ b/2017/8xxx/CVE-2017-8810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-8810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", - "version" : { - "version_data" : [ - { - "version_value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "information leak because of response discrepancy" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-8810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", + "version": { + "version_data": [ + { + "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html", - "refsource" : "CONFIRM", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" - }, - { - "name" : "DSA-4036", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4036" - }, - { - "name" : "1039812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak because of response discrepancy" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039812" + }, + { + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html", + "refsource": "CONFIRM", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" + }, + { + "name": "DSA-4036", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4036" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8977.json b/2017/8xxx/CVE-2017-8977.json index 69ce2bc0aa3..7dcc4edcbe0 100644 --- a/2017/8xxx/CVE-2017-8977.json +++ b/2017/8xxx/CVE-2017-8977.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2018-01-03T00:00:00", - "ID" : "CVE-2017-8977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moonshot Provisioning Manager Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "v1.20" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2018-01-03T00:00:00", + "ID": "CVE-2017-8977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moonshot Provisioning Manager Appliance", + "version": { + "version_data": [ + { + "version_value": "v1.20" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us" - }, - { - "name" : "102410", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102410" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Denial of Service vulnerability in Hewlett Packard Enterprise 
Moonshot Provisioning Manager Appliance version v1.20 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us" + }, + { + "name": "102410", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102410" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8985.json b/2017/8xxx/CVE-2017-8985.json index b40d90f550e..fd2b099be77 100644 --- a/2017/8xxx/CVE-2017-8985.json +++ b/2017/8xxx/CVE-2017-8985.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2018-02-09T00:00:00", - "ID" : "CVE-2017-8985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XP Storage using HGLM", - "version" : { - "version_data" : [ - { - "version_value" : "6.3.0-00 to 8.5.2-00" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2018-02-09T00:00:00", + "ID": "CVE-2017-8985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XP Storage using HGLM", + "version": { + "version_data": [ + { + "version_value": "6.3.0-00 to 8.5.2-00" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 
8.5.2-00." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12008.json b/2018/12xxx/CVE-2018-12008.json index ccc7b3d2afc..18e4f00da94 100644 --- a/2018/12xxx/CVE-2018-12008.json +++ b/2018/12xxx/CVE-2018-12008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12008", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12008", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12067.json b/2018/12xxx/CVE-2018-12067.json index e98f4791593..d734d20f243 100644 --- a/2018/12xxx/CVE-2018-12067.json +++ b/2018/12xxx/CVE-2018-12067.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://peckshield.com/2018/06/11/tradeTrap/", - "refsource" : "MISC", - "url" : "https://peckshield.com/2018/06/11/tradeTrap/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka 
the \"tradeTrap\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://peckshield.com/2018/06/11/tradeTrap/", + "refsource": "MISC", + "url": "https://peckshield.com/2018/06/11/tradeTrap/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12107.json b/2018/12xxx/CVE-2018-12107.json index 9d3f1db8ab8..3a52dd873bd 100644 --- a/2018/12xxx/CVE-2018-12107.json +++ b/2018/12xxx/CVE-2018-12107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12152.json b/2018/12xxx/CVE-2018-12152.json index 44d2bfe53bd..0e9b7ae2f83 100644 --- a/2018/12xxx/CVE-2018-12152.json +++ b/2018/12xxx/CVE-2018-12152.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2018-10-09T00:00:00", - "ID" : "CVE-2018-12152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel Graphics Driver", - "version" : { - "version_data" : [ - { - "version_value" : "Various" - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2018-10-09T00:00:00", + "ID": "CVE-2018-12152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel Graphics Driver", + "version": { + "version_data": [ + { + "version_value": "Various" + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html" - }, - { - "name" : "105582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105582" + }, + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12425.json b/2018/12xxx/CVE-2018-12425.json index 2a388b957c1..e37273696fa 100644 --- a/2018/12xxx/CVE-2018-12425.json +++ b/2018/12xxx/CVE-2018-12425.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12425", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12425", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12617.json b/2018/12xxx/CVE-2018-12617.json index 17943bf06cf..96882c65a67 100644 --- a/2018/12xxx/CVE-2018-12617.json +++ b/2018/12xxx/CVE-2018-12617.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12617", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44925", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44925/" - }, - { - "name" : "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html" - }, - { - "name" : "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6", - "refsource" : "MISC", - "url" : "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6" - }, - { - "name" : 
"https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html", - "refsource" : "MISC", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html" - }, - { - "name" : "USN-3826-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3826-1/" - }, - { - "name" : "104531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html" + }, + { + "name": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6", + "refsource": "MISC", + "url": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6" + }, + { + "name": "USN-3826-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3826-1/" + }, + { + "name": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html", + "refsource": "MISC", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html" + }, + { + "name": "104531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104531" + }, + { + "name": "44925", + "refsource": "EXPLOIT-DB", + "url": 
"https://www.exploit-db.com/exploits/44925/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12678.json b/2018/12xxx/CVE-2018-12678.json index fc3462ea018..fdc164ad213 100644 --- a/2018/12xxx/CVE-2018-12678.json +++ b/2018/12xxx/CVE-2018-12678.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12678", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12678", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/portainer/portainer/pull/1979", - "refsource" : "CONFIRM", - "url" : "https://github.com/portainer/portainer/pull/1979" - }, - { - "name" : "https://github.com/portainer/portainer/releases/tag/1.18.0", - "refsource" : "CONFIRM", - "url" : "https://github.com/portainer/portainer/releases/tag/1.18.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote 
attackers to bypass intended access restrictions or conduct SSRF attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/portainer/portainer/pull/1979", + "refsource": "CONFIRM", + "url": "https://github.com/portainer/portainer/pull/1979" + }, + { + "name": "https://github.com/portainer/portainer/releases/tag/1.18.0", + "refsource": "CONFIRM", + "url": "https://github.com/portainer/portainer/releases/tag/1.18.0" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13120.json b/2018/13xxx/CVE-2018-13120.json index 773dd19d7ed..7a41718131a 100644 --- a/2018/13xxx/CVE-2018-13120.json +++ b/2018/13xxx/CVE-2018-13120.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13120", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13120", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13212.json b/2018/13xxx/CVE-2018-13212.json index 3f2a31ecd33..93bd817b00c 100644 
--- a/2018/13xxx/CVE-2018-13212.json +++ b/2018/13xxx/CVE-2018-13212.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for EthereumLegit, an Ethereum 
token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13328.json b/2018/13xxx/CVE-2018-13328.json index df2b1345395..33a100681ff 100644 --- a/2018/13xxx/CVE-2018-13328.json +++ b/2018/13xxx/CVE-2018-13328.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13328", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md", - "refsource" : "MISC", - "url" : "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md", + "refsource": "MISC", + "url": "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13470.json b/2018/13xxx/CVE-2018-13470.json index 2e997cf9a68..4ec19e47400 100644 --- a/2018/13xxx/CVE-2018-13470.json +++ b/2018/13xxx/CVE-2018-13470.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has 
an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13509.json b/2018/13xxx/CVE-2018-13509.json index a5c7a3f2a04..65b24c580f2 100644 --- a/2018/13xxx/CVE-2018-13509.json +++ b/2018/13xxx/CVE-2018-13509.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer 
overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13691.json b/2018/13xxx/CVE-2018-13691.json index 08882032e80..f71b3b26bef 100644 --- a/2018/13xxx/CVE-2018-13691.json +++ b/2018/13xxx/CVE-2018-13691.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation 
for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13841.json b/2018/13xxx/CVE-2018-13841.json index c8b3c086e1e..098495d54ec 100644 --- a/2018/13xxx/CVE-2018-13841.json +++ b/2018/13xxx/CVE-2018-13841.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13841", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13841", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16033.json b/2018/16xxx/CVE-2018-16033.json index a9df1127aea..672c32b6e61 100644 --- a/2018/16xxx/CVE-2018-16033.json +++ b/2018/16xxx/CVE-2018-16033.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16035.json b/2018/16xxx/CVE-2018-16035.json index 5d4a5999667..5ba1a158c87 100644 --- a/2018/16xxx/CVE-2018-16035.json +++ b/2018/16xxx/CVE-2018-16035.json 
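Review bot: The `affects` block on the new side still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, although the description names Adobe Acrobat and Reader and lists the affected builds. Tooling that matches on `affects` therefore cannot tie this record to a product; something like `"vendor_name": "Adobe"` and `"product_name": "Acrobat and Reader"`, with the version ranges from the description, would fix that. The description also lists `2019.008.20081 and earlier` twice, which looks like a copy error for one of the release tracks and should be confirmed against APSB18-41. The CVE-2018-16035 hunk that follows has the same two problems.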
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16429.json b/2018/16xxx/CVE-2018-16429.json index a161e756c2b..e8a1c7d146d 100644 --- a/2018/16xxx/CVE-2018-16429.json +++ b/2018/16xxx/CVE-2018-16429.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b" - }, - { - "name" : "https://gitlab.gnome.org/GNOME/glib/issues/1361", - "refsource" : "MISC", - "url" : "https://gitlab.gnome.org/GNOME/glib/issues/1361" - }, - { - "name" : "USN-3767-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3767-1/" - }, - { - "name" : "USN-3767-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3767-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability 
in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.gnome.org/GNOME/glib/issues/1361", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/glib/issues/1361" + }, + { + "name": "USN-3767-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3767-1/" + }, + { + "name": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b", + "refsource": "MISC", + "url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b" + }, + { + "name": "USN-3767-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3767-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16483.json b/2018/16xxx/CVE-2018-16483.json index f6dad5c6724..9bc3affe4e7 100644 --- a/2018/16xxx/CVE-2018-16483.json +++ b/2018/16xxx/CVE-2018-16483.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "express-cart", - "version" : { - "version_data" : [ - { - "version_value" : ">=1.1.6" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation (CAPEC-233)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "express-cart", + "version": { + "version_data": [ + { + "version_value": ">=1.1.6" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/343626", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/343626" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/343626", + "refsource": "MISC", + "url": "https://hackerone.com/reports/343626" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json index ba8c06ca56b..98425a45fc9 100644 --- a/2018/16xxx/CVE-2018-16884.json +++ b/2018/16xxx/CVE-2018-16884.json 
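Review bot: The `affects` entry contradicts the description: `"version_value": ">=1.1.6"` marks releases from 1.1.6 onward as affected, while the description places the access-control flaw in express-cart `<=1.1.5`. A scanner that matches on `affects` would flag what is presumably the fixed range and miss the vulnerable one; the line should read `"version_value": "<=1.1.5"`. `"vendor_name": "HackerOne"` also looks like the assigning CNA rather than the maintainer of express-cart, so it should be checked against the referenced report.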
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-16884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel:", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel:", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884" - }, - { - "name" : "https://patchwork.kernel.org/cover/10733767/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/cover/10733767/" - }, - { - "name" : 
"https://patchwork.kernel.org/patch/10733769/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.kernel.org/patch/10733769/" - }, - { - "name" : "106253", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884" + }, + { + "name": "106253", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106253" + }, + { + "name": "https://patchwork.kernel.org/patch/10733769/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/patch/10733769/" + }, + { + "name": "https://patchwork.kernel.org/cover/10733767/", + "refsource": "CONFIRM", + "url": "https://patchwork.kernel.org/cover/10733767/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17204.json b/2018/17xxx/CVE-2018-17204.json index 607c6555606..22e9ddbc2a3 100644 --- a/2018/17xxx/CVE-2018-17204.json +++ b/2018/17xxx/CVE-2018-17204.json 
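Review bot: The `vectorString` in the `impact` block is not a valid CVSS v3.0 vector: `"6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"` puts the base score in front of the `CVSS:3.0/` prefix. A consumer that validates the vector will reject it or lose the score. Split it into `"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H"` and `"baseScore": 6.5`. The `cvss` value is also an array nested inside an array, which a reader expecting a flat list of objects may not iterate correctly; confirm whether the extra level is intended.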
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17204", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17204", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde", - "refsource" : "MISC", - "url" : "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde" - }, - { - "name" : "RHSA-2018:3500", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3500" - }, - { - "name" : "RHSA-2019:0053", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0053" - }, - { - "name" : "RHSA-2019:0081", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0081" - }, - { - "name" : "USN-3873-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3873-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2019:0053", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0053" + }, + { + "name": "USN-3873-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3873-1/" + }, + { + "name": "RHSA-2018:3500", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3500" + }, + { + "name": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde", + "refsource": "MISC", + "url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde" + }, + { + "name": "RHSA-2019:0081", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0081" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17317.json b/2018/17xxx/CVE-2018-17317.json index 597eef456e7..6e6de1968dd 100644 --- a/2018/17xxx/CVE-2018-17317.json +++ b/2018/17xxx/CVE-2018-17317.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.51cto.com/010bjsoft/2175710", - "refsource" : "MISC", - "url" : "http://blog.51cto.com/010bjsoft/2175710" - }, - { - "name" : "https://github.com/PatatasFritas/PatataWifi/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/PatatasFritas/PatataWifi/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FruityWifi (aka 
PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PatatasFritas/PatataWifi/issues/1", + "refsource": "MISC", + "url": "https://github.com/PatatasFritas/PatataWifi/issues/1" + }, + { + "name": "http://blog.51cto.com/010bjsoft/2175710", + "refsource": "MISC", + "url": "http://blog.51cto.com/010bjsoft/2175710" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17351.json b/2018/17xxx/CVE-2018-17351.json index e37460b483c..31801352a7a 100644 --- a/2018/17xxx/CVE-2018-17351.json +++ b/2018/17xxx/CVE-2018-17351.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17351", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17351", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17575.json b/2018/17xxx/CVE-2018-17575.json index 2f3e1ba8f74..33fd8dead7f 100644 --- a/2018/17xxx/CVE-2018-17575.json +++ b/2018/17xxx/CVE-2018-17575.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17575", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17575", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/", - "refsource" : "MISC", - "url" : "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/", + "refsource": "MISC", + "url": "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17630.json b/2018/17xxx/CVE-2018-17630.json index 85750985311..94760105897 100644 --- a/2018/17xxx/CVE-2018-17630.json +++ b/2018/17xxx/CVE-2018-17630.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.1.0.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.1.0.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17699.json b/2018/17xxx/CVE-2018-17699.json index e95cc008765..8a588ca0425 100644 --- a/2018/17xxx/CVE-2018-17699.json +++ b/2018/17xxx/CVE-2018-17699.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17699", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125: Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17699", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/" + } + ] + } +} \ No newline at end of file