From a23f10e7fcd86746d3d4fb4c990a9716828d32d2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:31:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0229.json | 170 +++++++------- 2004/0xxx/CVE-2004-0537.json | 190 +++++++-------- 2004/0xxx/CVE-2004-0912.json | 34 +-- 2004/0xxx/CVE-2004-0919.json | 160 ++++++------- 2004/1xxx/CVE-2004-1296.json | 160 ++++++------- 2004/1xxx/CVE-2004-1530.json | 160 ++++++------- 2004/1xxx/CVE-2004-1649.json | 150 ++++++------ 2004/2xxx/CVE-2004-2319.json | 200 ++++++++-------- 2008/2xxx/CVE-2008-2062.json | 170 +++++++------- 2008/2xxx/CVE-2008-2252.json | 220 +++++++++--------- 2008/2xxx/CVE-2008-2597.json | 190 +++++++-------- 2008/2xxx/CVE-2008-2729.json | 280 +++++++++++----------- 2008/3xxx/CVE-2008-3192.json | 160 ++++++------- 2008/3xxx/CVE-2008-3226.json | 150 ++++++------ 2008/3xxx/CVE-2008-3522.json | 240 +++++++++---------- 2008/3xxx/CVE-2008-3566.json | 150 ++++++------ 2008/3xxx/CVE-2008-3657.json | 410 ++++++++++++++++----------------- 2008/6xxx/CVE-2008-6066.json | 140 +++++------ 2008/6xxx/CVE-2008-6157.json | 140 +++++------ 2008/6xxx/CVE-2008-6464.json | 160 ++++++------- 2008/6xxx/CVE-2008-6671.json | 180 +++++++-------- 2008/7xxx/CVE-2008-7183.json | 140 +++++------ 2012/5xxx/CVE-2012-5653.json | 200 ++++++++-------- 2012/5xxx/CVE-2012-5701.json | 170 +++++++------- 2013/2xxx/CVE-2013-2629.json | 130 +++++------ 2017/11xxx/CVE-2017-11283.json | 140 +++++------ 2017/11xxx/CVE-2017-11508.json | 132 +++++------ 2017/11xxx/CVE-2017-11648.json | 120 +++++----- 2017/11xxx/CVE-2017-11690.json | 34 +-- 2017/14xxx/CVE-2017-14159.json | 120 +++++----- 2017/14xxx/CVE-2017-14301.json | 120 +++++----- 2017/14xxx/CVE-2017-14445.json | 120 +++++----- 2017/14xxx/CVE-2017-14526.json | 130 +++++------ 2017/14xxx/CVE-2017-14959.json | 34 +-- 2017/15xxx/CVE-2017-15040.json | 34 +-- 2017/15xxx/CVE-2017-15055.json | 130 +++++------ 2017/15xxx/CVE-2017-15116.json | 170 +++++++------- 2017/15xxx/CVE-2017-15195.json | 150 ++++++------ 2017/15xxx/CVE-2017-15246.json | 120 +++++----- 2017/8xxx/CVE-2017-8660.json | 142 ++++++------ 2017/8xxx/CVE-2017-8963.json | 132 +++++------ 2018/12xxx/CVE-2018-12046.json | 120 +++++----- 2018/12xxx/CVE-2018-12051.json | 120 +++++----- 2018/12xxx/CVE-2018-12274.json | 34 +-- 2018/12xxx/CVE-2018-12838.json | 140 +++++------ 2018/13xxx/CVE-2018-13071.json | 120 +++++----- 2018/13xxx/CVE-2018-13172.json | 130 +++++------ 2018/13xxx/CVE-2018-13521.json | 130 +++++------ 2018/13xxx/CVE-2018-13687.json | 130 +++++------ 2018/16xxx/CVE-2018-16058.json | 180 +++++++-------- 2018/16xxx/CVE-2018-16285.json | 130 +++++------ 2018/16xxx/CVE-2018-16714.json | 34 +-- 2018/17xxx/CVE-2018-17568.json | 130 +++++------ 2018/4xxx/CVE-2018-4387.json | 34 +-- 2018/4xxx/CVE-2018-4443.json | 34 +-- 2018/4xxx/CVE-2018-4560.json | 34 +-- 2019/7xxx/CVE-2019-7422.json | 58 ++++- 57 files changed, 3947 insertions(+), 3893 deletions(-) diff --git a/2004/0xxx/CVE-2004-0229.json b/2004/0xxx/CVE-2004-0229.json index 980fa303637..d71d5236a08 100644 --- a/2004/0xxx/CVE-2004-0229.json +++ b/2004/0xxx/CVE-2004-0229.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:852", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" - }, - { - "name" : "GLSA-200407-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" - }, - { - "name" : "MDKSA-2004:037", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" - }, - { - "name" : "SuSE-SA:2004:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" - }, - { - "name" : "10211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10211" - }, - { - "name" : "linux-framebuffer(15974)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-framebuffer(15974)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15974" + }, + { + "name": "SuSE-SA:2004:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" + }, + { + "name": "10211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10211" + }, + { + "name": "MDKSA-2004:037", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" + }, + { + "name": "CLA-2004:852", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" + }, + { + "name": "GLSA-200407-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-02.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0537.json b/2004/0xxx/CVE-2004-0537.json index fde18077a53..cb34e749474 100644 --- a/2004/0xxx/CVE-2004-0537.json +++ b/2004/0xxx/CVE-2004-0537.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 7.50 and earlier allows remote web sites to provide a \"Shortcut Icon\" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040603 Phishing for Opera (GM#007-OP)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108627581717738&w=2" - }, - { - "name" : "20040603 Phishing for Opera (GM#007-OP)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html" - }, - { - "name" : "http://security.greymagic.com/security/advisories/gm007-op/", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/security/advisories/gm007-op/" - }, - { - "name" : "http://www.opera.com/linux/changelogs/751/index.dml", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/linux/changelogs/751/index.dml" - }, - { - "name" : "10452", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10452" - }, - { - "name" : "6590", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/6590" - }, - { - "name" : "11762", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11762" - }, - { - "name" : "opera-favicon-spoofing(16307)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 7.50 and earlier allows remote web sites to provide a \"Shortcut Icon\" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10452", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10452" + }, + { + "name": "11762", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11762" + }, + { + "name": "6590", + "refsource": "OSVDB", + "url": "http://osvdb.org/6590" + }, + { + "name": "http://www.opera.com/linux/changelogs/751/index.dml", + "refsource": "CONFIRM", + "url": "http://www.opera.com/linux/changelogs/751/index.dml" + }, + { + "name": "20040603 Phishing for Opera (GM#007-OP)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108627581717738&w=2" + }, + { + "name": "opera-favicon-spoofing(16307)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16307" + }, + { + "name": "20040603 Phishing for Opera (GM#007-OP)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html" + }, + { + "name": "http://security.greymagic.com/security/advisories/gm007-op/", + "refsource": "MISC", + "url": "http://security.greymagic.com/security/advisories/gm007-op/" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0912.json b/2004/0xxx/CVE-2004-0912.json index b4fa4b8880b..1959549cf39 100644 --- a/2004/0xxx/CVE-2004-0912.json +++ b/2004/0xxx/CVE-2004-0912.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0912", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0912", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0919.json b/2004/0xxx/CVE-2004-0919.json index 19d919e886c..136e3b2cbf9 100644 --- a/2004/0xxx/CVE-2004-0919.json +++ b/2004/0xxx/CVE-2004-0919.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0919", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0919", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-04:15", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc" - }, - { - "name" : "VU#969078", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/969078" - }, - { - "name" : "11321", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11321" - }, - { - "name" : "12722", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12722" - }, - { - "name" : "syscons-consscrshot-info-disclosure(17584)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12722", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12722" + }, + { + "name": "FreeBSD-SA-04:15", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc" + }, + { + "name": "VU#969078", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/969078" + }, + { + "name": "11321", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11321" + }, + { + "name": "syscons-consscrshot-info-disclosure(17584)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17584" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1296.json b/2004/1xxx/CVE-2004-1296.json index ca3e8a60cb2..47efe02a4f5 100644 --- a/2004/1xxx/CVE-2004-1296.json +++ b/2004/1xxx/CVE-2004-1296.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041220 [USN-43-1] groff utility vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110358225615424&w=2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372" - }, - { - "name" : "MDKSA-2006:038", - "refsource" : "MANDRIVA", - "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038" - }, - { - "name" : "groff-eqn2graph-pic2graph-symlink(18660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041220 [USN-43-1] groff utility vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110358225615424&w=2" + }, + { + "name": "MDKSA-2006:038", + "refsource": "MANDRIVA", + "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038" + }, + { + "name": "groff-eqn2graph-pic2graph-symlink(18660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1530.json b/2004/1xxx/CVE-2004-1530.json index 5f2db5b9ff9..9be33517550 100644 --- a/2004/1xxx/CVE-2004-1530.json +++ b/2004/1xxx/CVE-2004-1530.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110064626111756&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=38", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=38" - }, - { - "name" : "11693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11693" - }, - { - "name" : "13213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13213" - }, - { - "name" : "event-calendar-sql-injection(18104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11693" + }, + { + "name": "event-calendar-sql-injection(18104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18104" + }, + { + "name": "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110064626111756&w=2" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=38", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=38" + }, + { + "name": "13213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13213" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1649.json b/2004/1xxx/CVE-2004-1649.json index cec527b1e2a..55c395cb62c 100644 --- a/2004/1xxx/CVE-2004-1649.json +++ b/2004/1xxx/CVE-2004-1649.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040831 MSInfo Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109413415205017&w=2" - }, - { - "name" : "20040830 MSInfo Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025902.html" - }, - { - "name" : "20040830 MSInfo Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=109391133831787&w=2" - }, - { - "name" : "msinfo-msinfofile-bo(17153)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "msinfo-msinfofile-bo(17153)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17153" + }, + { + "name": "20040831 MSInfo Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109413415205017&w=2" + }, + { + "name": "20040830 MSInfo Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=109391133831787&w=2" + }, + { + "name": "20040830 MSInfo Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025902.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2319.json b/2004/2xxx/CVE-2004-2319.json index 14845ffd764..f4a23fbce2b 100644 --- a/2004/2xxx/CVE-2004-2319.json +++ b/2004/2xxx/CVE-2004-2319.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2319", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2319", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/351770" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21153336", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21153336" - }, - { - "name" : "9511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9511" - }, - { - "name" : "9512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9512" - }, - { - "name" : "3758", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3758" - }, - { - "name" : "3760", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3760" - }, - { - "name" : "10737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10737/" - }, - { - "name" : "informix-onedcu-symlink-attack(14971)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971" - }, - { - "name" : "informix-onshowaudit-information-disclosure(14969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3760", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3760" + }, + { + "name": "9511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9511" + }, + { + "name": "informix-onshowaudit-information-disclosure(14969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969" + }, + { + "name": "9512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9512" + }, + { + "name": "informix-onedcu-symlink-attack(14971)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971" + }, + { + "name": "10737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10737/" + }, + { + "name": "3758", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3758" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336" + }, + { + "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/351770" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2062.json b/2008/2xxx/CVE-2008-2062.json index 3a780063c02..3e1ea930bd7 100644 --- a/2008/2xxx/CVE-2008-2062.json +++ b/2008/2xxx/CVE-2008-2062.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-2062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml" - }, - { - "name" : "29935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29935" - }, - { - "name" : "ADV-2008-1933", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1933/references" - }, - { - "name" : "1020361", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020361" - }, - { - "name" : "30848", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30848" - }, - { - "name" : "cucm-risdatacollector-info-disclosure(43355)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cucm-risdatacollector-info-disclosure(43355)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355" + }, + { + "name": "ADV-2008-1933", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1933/references" + }, + { + "name": "30848", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30848" + }, + { + "name": "29935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29935" + }, + { + "name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml" + }, + { + "name": "1020361", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020361" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2252.json b/2008/2xxx/CVE-2008-2252.json index d241b23956e..efe63e8a523 100644 --- a/2008/2xxx/CVE-2008-2252.json +++ b/2008/2xxx/CVE-2008-2252.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-2252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31652", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31652" - }, - { - "name" : "oval:org.mitre.oval:def:6045", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6045" - }, - { - "name" : "ADV-2008-2812", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2812" - }, - { - "name" : "1021046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021046" - }, - { - "name" : "32247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32247" - }, - { - "name" : "win-kernel-input-privilege-escalation(45543)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45543" - }, - { - "name" : "win-ms08kb954211-update(45544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "32247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32247" + }, + { + "name": "win-kernel-input-privilege-escalation(45543)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45543" + }, + { + "name": "MS08-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061" + }, + { + "name": "oval:org.mitre.oval:def:6045", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6045" + }, + { + "name": "win-ms08kb954211-update(45544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "ADV-2008-2812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2812" + }, + { + "name": "1021046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021046" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + }, + { + "name": "31652", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31652" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2597.json b/2008/2xxx/CVE-2008-2597.json index ce2afbbbc0d..7e9bf94373e 100644 --- a/2008/2xxx/CVE-2008-2597.json +++ b/2008/2xxx/CVE-2008-2597.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020493", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020493" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + }, + { + "name": "1020493", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020493" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2729.json b/2008/2xxx/CVE-2008-2729.json index 1b1a8c07df6..7c00e0bfb80 100644 --- a/2008/2xxx/CVE-2008-2729.json +++ b/2008/2xxx/CVE-2008-2729.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=451271", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=451271" - }, - { - "name" : "DSA-1630", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1630" - }, - { - "name" : "MDVSA-2008:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" - }, - { - "name" : "RHSA-2008:0508", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0508.html" - }, - { - "name" : "RHSA-2008:0519", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0519.html" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29943", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29943" - }, - { - "name" : "oval:org.mitre.oval:def:11571", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571" - }, - { - "name" : "1020364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020364" - }, - { - "name" : "30849", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30849" - }, - { - "name" : "30850", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30850" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "31551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31551" - }, - { - "name" : "linux-kernel-destination-info-disclosure(43558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff" + }, + { + "name": "DSA-1630", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1630" + }, + { + "name": "RHSA-2008:0519", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0519.html" + }, + { + "name": "linux-kernel-destination-info-disclosure(43558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43558" + }, + { + "name": "oval:org.mitre.oval:def:11571", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571" + }, + { + "name": "30849", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30849" + }, + { + "name": "1020364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020364" + }, + { + "name": "31551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31551" + }, + { + "name": "30850", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30850" + }, + { + "name": "RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "MDVSA-2008:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" + }, + { + "name": "31107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31107" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=451271", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451271" + }, + { + "name": "29943", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29943" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "RHSA-2008:0508", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0508.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3192.json b/2008/3xxx/CVE-2008-3192.json index 9473a8d5e43..78b8303b4d0 100644 --- a/2008/3xxx/CVE-2008-3192.json +++ b/2008/3xxx/CVE-2008-3192.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6057", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6057" - }, - { - "name" : "30206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30206" - }, - { - "name" : "31049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31049" - }, - { - "name" : "3999", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3999" - }, - { - "name" : "jsite-module-file-include(43746)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43746" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31049" + }, + { + "name": "6057", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6057" + }, + { + "name": "3999", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3999" + }, + { + "name": "30206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30206" + }, + { + "name": "jsite-module-file-include(43746)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43746" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3226.json b/2008/3xxx/CVE-2008-3226.json index 282b6c39291..f59f3cabf44 100644 --- a/2008/3xxx/CVE-2008-3226.json +++ b/2008/3xxx/CVE-2008-3226.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080712 CVE requests: joomla <1.5.4", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/12/2" - }, - { - "name" : "http://www.joomla.org/content/view/5180/1/", - "refsource" : "CONFIRM", - "url" : "http://www.joomla.org/content/view/5180/1/" - }, - { - "name" : "30125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30125" - }, - { - "name" : "joomla-filecaching-unauth-access(43650)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20080712 CVE requests: joomla <1.5.4", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/12/2" + }, + { + "name": "http://www.joomla.org/content/view/5180/1/", + "refsource": "CONFIRM", + "url": "http://www.joomla.org/content/view/5180/1/" + }, + { + "name": "30125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30125" + }, + { + "name": "joomla-filecaching-unauth-access(43650)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3522.json b/2008/3xxx/CVE-2008-3522.json index b3a160a4ae3..676474f98a1 100644 --- a/2008/3xxx/CVE-2008-3522.json +++ b/2008/3xxx/CVE-2008-3522.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=222819", - "refsource" : "MISC", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=222819" - }, - { - "name" : "GLSA-200812-18", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-18.xml" - }, - { - "name" : "MDVSA-2009:142", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" - }, - { - "name" : "MDVSA-2009:144", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144" - }, - { - "name" : "MDVSA-2009:164", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" - }, - { - "name" : "RHSA-2015:0698", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html" - }, - { - "name" : "SSA:2015-302-02", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" - }, - { - "name" : "USN-742-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-742-1" - }, - { - "name" : "31470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31470" - }, - { - "name" : "33173", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33173" - }, - { - "name" : "34391", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34391" - }, - { - "name" : "jasper-jasstreamprintf-bo(45623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31470" + }, + { + "name": "MDVSA-2009:164", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" + }, + { + "name": "MDVSA-2009:144", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144" + }, + { + "name": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" + }, + { + "name": "34391", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34391" + }, + { + "name": "MDVSA-2009:142", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=222819", + "refsource": "MISC", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819" + }, + { + "name": "USN-742-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-742-1" + }, + { + "name": "jasper-jasstreamprintf-bo(45623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45623" + }, + { + "name": "RHSA-2015:0698", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html" + }, + { + "name": "33173", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33173" + }, + { + "name": "GLSA-200812-18", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-18.xml" + }, + { + "name": "SSA:2015-302-02", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3566.json b/2008/3xxx/CVE-2008-3566.json index 52ced229820..271cf74b44e 100644 --- a/2008/3xxx/CVE-2008-3566.json +++ b/2008/3xxx/CVE-2008-3566.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html" - }, - { - "name" : "30509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30509" - }, - { - "name" : "31349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31349" - }, - { - "name" : "freeforum-acuparam-xss(44178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31349" + }, + { + "name": "30509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30509" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html" + }, + { + "name": "freeforum-acuparam-xss(44178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44178" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3657.json b/2008/3xxx/CVE-2008-3657.json index d721203d719..d61724e022c 100644 --- a/2008/3xxx/CVE-2008-3657.json +++ b/2008/3xxx/CVE-2008-3657.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3657", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080831 rPSA-2008-0264-1 ruby", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495884/100/0/threaded" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" - }, - { - "name" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", - "refsource" : "CONFIRM", - "url" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "DSA-1651", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1651" - }, - { - "name" : "DSA-1652", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1652" - }, - { - "name" : "FEDORA-2008-8736", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html" - }, - { - "name" : "FEDORA-2008-8738", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html" - }, - { - "name" : "GLSA-200812-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" - }, - { - "name" : "RHSA-2008:0897", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0897.html" - }, - { - "name" : "USN-651-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/651-1/" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "30644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30644" - }, - { - "name" : "oval:org.mitre.oval:def:9793", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "ADV-2008-2334", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2334" - }, - { - "name" : "1020652", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020652" - }, - { - "name" : "31697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31697" - }, - { - "name" : "32255", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32255" - }, - { - "name" : "32256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32256" - }, - { - "name" : "33178", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33178" - }, - { - "name" : "31430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31430" - }, - { - "name" : "32165", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32165" - }, - { - "name" : "32219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32219" - }, - { - "name" : "32371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32371" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "ruby-dl-security-bypass(44372)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31430" + }, + { + "name": "31697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31697" + }, + { + "name": "USN-651-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/651-1/" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264" + }, + { + "name": "DSA-1652", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1652" + }, + { + "name": "FEDORA-2008-8736", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html" + }, + { + "name": "oval:org.mitre.oval:def:9793", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm" + }, + { + "name": "DSA-1651", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1651" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "30644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30644" + }, + { + "name": "RHSA-2008:0897", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html" + }, + { + "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", + "refsource": "CONFIRM", + "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/" + }, + { + "name": "32219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32219" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "ruby-dl-security-bypass(44372)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372" + }, + { + "name": "32255", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32255" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "20080831 rPSA-2008-0264-1 ruby", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded" + }, + { + "name": "32371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32371" + }, + { + "name": "32165", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32165" + }, + { + "name": "GLSA-200812-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml" + }, + { + "name": "33178", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33178" + }, + { + "name": "ADV-2008-2334", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2334" + }, + { + "name": "1020652", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020652" + }, + { + "name": "FEDORA-2008-8738", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" + }, + { + "name": "32256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32256" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6066.json b/2008/6xxx/CVE-2008-6066.json index 59d32aeafb6..c1b3bf3e165 100644 --- a/2008/6xxx/CVE-2008-6066.json +++ b/2008/6xxx/CVE-2008-6066.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6066", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6066", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30673/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30673/exploit" - }, - { - "name" : "30673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30673" - }, - { - "name" : "meetweb-rootpath-file-include(44454)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securityfocus.com/bid/30673/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30673/exploit" + }, + { + "name": "meetweb-rootpath-file-include(44454)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44454" + }, + { + "name": "30673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30673" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6157.json b/2008/6xxx/CVE-2008-6157.json index fd5b820afcc..b257ee3d570 100644 --- a/2008/6xxx/CVE-2008-6157.json +++ b/2008/6xxx/CVE-2008-6157.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6157", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6157", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7613", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7613" - }, - { - "name" : "20090220 CVE-2008-6157 / Milw0rm 7613", - "refsource" : "VIM", - "url" : "http://www.attrition.org/pipermail/vim/2009-February/002146.html" - }, - { - "name" : "classifiedads-classifieds-info-disclosure(48822)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7613", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7613" + }, + { + "name": "classifiedads-classifieds-info-disclosure(48822)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48822" + }, + { + "name": "20090220 CVE-2008-6157 / Milw0rm 7613", + "refsource": "VIM", + "url": "http://www.attrition.org/pipermail/vim/2009-February/002146.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6464.json b/2008/6xxx/CVE-2008-6464.json index 61c4f91941e..8fd9700420c 100644 --- a/2008/6xxx/CVE-2008-6464.json +++ b/2008/6xxx/CVE-2008-6464.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6508", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6508" - }, - { - "name" : "31278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31278" - }, - { - "name" : "48499", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48499" - }, - { - "name" : "31779", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31779" - }, - { - "name" : "ADV-2008-2648", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48499", + "refsource": "OSVDB", + "url": "http://osvdb.org/48499" + }, + { + "name": "ADV-2008-2648", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2648" + }, + { + "name": "6508", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6508" + }, + { + "name": "31278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31278" + }, + { + "name": "31779", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31779" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6671.json b/2008/6xxx/CVE-2008-6671.json index 3d0d4740c47..a5fb6c29ff4 100644 --- a/2008/6xxx/CVE-2008-6671.json +++ b/2008/6xxx/CVE-2008-6671.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/sunagex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/sunagex-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/sunagex.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/sunagex.zip" - }, - { - "name" : "29889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29889" - }, - { - "name" : "46562", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46562" - }, - { - "name" : "30823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30823" - }, - { - "name" : "ADV-2008-1903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1903/references" - }, - { - "name" : "sunage-unspecified-dos(43249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1903/references" + }, + { + "name": "sunage-unspecified-dos(43249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" + }, + { + "name": "30823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30823" + }, + { + "name": "29889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29889" + }, + { + "name": "http://aluigi.org/poc/sunagex.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/sunagex.zip" + }, + { + "name": "46562", + "refsource": "OSVDB", + "url": "http://osvdb.org/46562" + }, + { + "name": "http://aluigi.altervista.org/adv/sunagex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/sunagex-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7183.json b/2008/7xxx/CVE-2008-7183.json index dbdc787171d..16bbad7be5b 100644 --- a/2008/7xxx/CVE-2008-7183.json +++ b/2008/7xxx/CVE-2008-7183.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt" - }, - { - "name" : "29954", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29954" - }, - { - "name" : "evacms-index-file-include(43437)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29954", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29954" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt" + }, + { + "name": "evacms-index-file-include(43437)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43437" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5653.json b/2012/5xxx/CVE-2012-5653.json index 2f15a068361..34a1575e8b3 100644 --- a/2012/5xxx/CVE-2012-5653.json +++ b/2012/5xxx/CVE-2012-5653.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/20/1" - }, - { - "name" : "http://drupal.org/SA-CORE-2012-004", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/SA-CORE-2012-004" - }, - { - "name" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d" - }, - { - "name" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a" - }, - { - "name" : "DSA-2776", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2776" - }, - { - "name" : "MDVSA-2013:074", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074" - }, - { - "name" : "56993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56993" - }, - { - "name" : "88529", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/88529" - }, - { - "name" : "drupal-fileupload-code-execution(80795)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "88529", + "refsource": "OSVDB", + "url": "http://osvdb.org/88529" + }, + { + "name": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a" + }, + { + "name": "MDVSA-2013:074", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074" + }, + { + "name": "http://drupal.org/SA-CORE-2012-004", + "refsource": "CONFIRM", + "url": "http://drupal.org/SA-CORE-2012-004" + }, + { + "name": "56993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56993" + }, + { + "name": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d" + }, + { + "name": "DSA-2776", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2776" + }, + { + "name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/20/1" + }, + { + "name": "drupal-fileupload-code-execution(80795)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80795" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5701.json b/2012/5xxx/CVE-2012-5701.json index 63d06c926b5..3465f0b878c 100644 --- a/2012/5xxx/CVE-2012-5701.json +++ b/2012/5xxx/CVE-2012-5701.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5701", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5701", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23124", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23124" - }, - { - "name" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" - }, - { - "name" : "56624", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56624" - }, - { - "name" : "87625", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87625" - }, - { - "name" : "dotproject-searchstring-sql-injection(80223)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "87625", + "refsource": "OSVDB", + "url": "http://osvdb.org/87625" + }, + { + "name": "dotproject-searchstring-sql-injection(80223)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23124", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23124" + }, + { + "name": "56624", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56624" + }, + { + "name": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html" + }, + { + "name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2629.json b/2013/2xxx/CVE-2013-2629.json index 862e546472f..3bdd13084e0 100644 --- a/2013/2xxx/CVE-2013-2629.json +++ b/2013/2xxx/CVE-2013-2629.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2013/Dec/107" - }, - { - "name" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt", - "refsource" : "MISC", - "url" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2013/Dec/107" + }, + { + "name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt", + "refsource": "MISC", + "url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11283.json b/2017/11xxx/CVE-2017-11283.json index dc65e1f18cc..cc5f071df53 100644 --- a/2017/11xxx/CVE-2017-11283.json +++ b/2017/11xxx/CVE-2017-11283.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Vulnerable 3rd Party Library" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" - }, - { - "name" : "100708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100708" - }, - { - "name" : "1039321", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Vulnerable 3rd Party Library" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" + }, + { + "name": "1039321", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039321" + }, + { + "name": "100708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100708" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11508.json b/2017/11xxx/CVE-2017-11508.json index 1805610b7ff..b059bac254d 100644 --- a/2017/11xxx/CVE-2017-11508.json +++ b/2017/11xxx/CVE-2017-11508.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2017-11-01T00:00:00", - "ID" : "CVE-2017-11508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SecurityCenter", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.0, 5.5.1 and 5.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Tenable" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2017-11-01T00:00:00", + "ID": "CVE-2017-11508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SecurityCenter", + "version": { + "version_data": [ + { + "version_value": "5.5.0, 5.5.1 and 5.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Tenable" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/tns-2017-13", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2017-13" - }, - { - "name" : "1039804", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039804" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039804", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039804" + }, + { + "name": "https://www.tenable.com/security/tns-2017-13", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2017-13" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11648.json b/2017/11xxx/CVE-2017-11648.json index 22428ed86fc..a20dbcd3a40 100644 --- a/2017/11xxx/CVE-2017-11648.json +++ b/2017/11xxx/CVE-2017-11648.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html", - "refsource" : "MISC", - "url" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html", + "refsource": "MISC", + "url": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11690.json b/2017/11xxx/CVE-2017-11690.json index 598ec805718..b38007328d5 100644 --- a/2017/11xxx/CVE-2017-11690.json +++ b/2017/11xxx/CVE-2017-11690.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11690", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14159.json b/2017/14xxx/CVE-2017-14159.json index 45e2c005860..2dd41071942 100644 --- a/2017/14xxx/CVE-2017-14159.json +++ b/2017/14xxx/CVE-2017-14159.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openldap.org/its/index.cgi?findid=8703", - "refsource" : "MISC", - "url" : "http://www.openldap.org/its/index.cgi?findid=8703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.openldap.org/its/index.cgi?findid=8703", + "refsource": "MISC", + "url": "http://www.openldap.org/its/index.cgi?findid=8703" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14301.json b/2017/14xxx/CVE-2017-14301.json index 11a08aa08a1..f54ac4ef0a2 100644 --- a/2017/14xxx/CVE-2017-14301.json +++ b/2017/14xxx/CVE-2017-14301.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14445.json b/2017/14xxx/CVE-2017-14445.json index 86baa7b75fa..2aa307a4c36 100644 --- a/2017/14xxx/CVE-2017-14445.json +++ b/2017/14xxx/CVE-2017-14445.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-14445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon", - "version" : { - "version_data" : [ - { - "version_value" : "Insteon Hub 2245-222 - Firmware version 1012" - } - ] - } - } - ] - }, - "vendor_name" : "Insteon" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-14445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon", + "version": { + "version_data": [ + { + "version_value": "Insteon Hub 2245-222 - Firmware version 1012" + } + ] + } + } + ] + }, + "vendor_name": "Insteon" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14526.json b/2017/14xxx/CVE-2017-14526.json index ec85a3096e6..d3d03db6cae 100644 --- a/2017/14xxx/CVE-2017-14526.json +++ b/2017/14xxx/CVE-2017-14526.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/58" - }, - { - "name" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Sep/58" + }, + { + "name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", + "refsource": "CONFIRM", + "url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14959.json b/2017/14xxx/CVE-2017-14959.json index 19ccc775266..15a649dfc40 100644 --- a/2017/14xxx/CVE-2017-14959.json +++ b/2017/14xxx/CVE-2017-14959.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14959", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14959", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15040.json b/2017/15xxx/CVE-2017-15040.json index 62f58181a90..e66f4e2aa9c 100644 --- a/2017/15xxx/CVE-2017-15040.json +++ b/2017/15xxx/CVE-2017-15040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15040", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15040", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15055.json b/2017/15xxx/CVE-2017-15055.json index a7648ba2ad1..6b0a53dfc13 100644 --- a/2017/15xxx/CVE-2017-15055.json +++ b/2017/15xxx/CVE-2017-15055.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15055", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15055", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.amossys.fr/teampass-multiple-cve-01.html", - "refsource" : "MISC", - "url" : "http://blog.amossys.fr/teampass-multiple-cve-01.html" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f", - "refsource" : "MISC", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.amossys.fr/teampass-multiple-cve-01.html", + "refsource": "MISC", + "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f", + "refsource": "MISC", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15116.json b/2017/15xxx/CVE-2017-15116.json index 188986ad5bf..b41d930bb99 100644 --- a/2017/15xxx/CVE-2017-15116.json +++ b/2017/15xxx/CVE-2017-15116.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-15116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Linux kernel", - "version" : { - "version_data" : [ - { - "version_value" : "Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "null pointer dereference" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-15116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Linux kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485815", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485815" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1514609", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1514609" - }, - { - "name" : "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", - "refsource" : "MISC", - "url" : "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "null pointer dereference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" + }, + { + "name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15195.json b/2017/15xxx/CVE-2017-15195.json index 04a9c5906cb..a101582bd39 100644 --- a/2017/15xxx/CVE-2017-15195.json +++ b/2017/15xxx/CVE-2017-15195.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15195", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15195", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15246.json b/2017/15xxx/CVE-2017-15246.json index bc843508a8c..f33c8c33883 100644 --- a/2017/15xxx/CVE-2017-15246.json +++ b/2017/15xxx/CVE-2017-15246.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8660.json b/2017/8xxx/CVE-2017-8660.json index e924207a817..fc315b2054a 100644 --- a/2017/8xxx/CVE-2017-8660.json +++ b/2017/8xxx/CVE-2017-8660.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8660", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660" - }, - { - "name" : "100757", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100757" - }, - { - "name" : "1039342", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660" + }, + { + "name": "1039342", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039342" + }, + { + "name": "100757", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100757" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8963.json b/2017/8xxx/CVE-2017-8963.json index aad977e051b..2053f6c1565 100644 --- a/2017/8xxx/CVE-2017-8963.json +++ b/2017/8xxx/CVE-2017-8963.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-27T00:00:00", - "ID" : "CVE-2017-8963", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 E0504P2" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-27T00:00:00", + "ID": "CVE-2017-8963", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "7.3 E0504P2" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" - }, - { - "name" : "1039684", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039684" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" + }, + { + "name": "1039684", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039684" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12046.json b/2018/12xxx/CVE-2018-12046.json index 0157710058b..63beb71504a 100644 --- a/2018/12xxx/CVE-2018-12046.json +++ b/2018/12xxx/CVE-2018-12046.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12046", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12046", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md", - "refsource" : "MISC", - "url" : "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md", + "refsource": "MISC", + "url": "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12051.json b/2018/12xxx/CVE-2018-12051.json index 5c3baa3a91d..d5c1e38a81f 100644 --- a/2018/12xxx/CVE-2018-12051.json +++ b/2018/12xxx/CVE-2018-12051.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/unh3x/just4cve/issues/5", - "refsource" : "MISC", - "url" : "https://github.com/unh3x/just4cve/issues/5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/unh3x/just4cve/issues/5", + "refsource": "MISC", + "url": "https://github.com/unh3x/just4cve/issues/5" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12274.json b/2018/12xxx/CVE-2018-12274.json index 7cf405075b9..6cffea8fd68 100644 --- a/2018/12xxx/CVE-2018-12274.json +++ b/2018/12xxx/CVE-2018-12274.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12274", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12274", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12838.json b/2018/12xxx/CVE-2018-12838.json index de0c9161a2a..3d2ebfd236c 100644 --- a/2018/12xxx/CVE-2018-12838.json +++ b/2018/12xxx/CVE-2018-12838.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack Overflow " - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105444", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105444" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack Overflow " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105444", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105444" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13071.json b/2018/13xxx/CVE-2018-13071.json index e236f07d7a3..f18f6be0615 100644 --- a/2018/13xxx/CVE-2018-13071.json +++ b/2018/13xxx/CVE-2018-13071.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13172.json b/2018/13xxx/CVE-2018-13172.json index e64df799015..f9fd9cfd7c6 100644 --- a/2018/13xxx/CVE-2018-13172.json +++ b/2018/13xxx/CVE-2018-13172.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13521.json b/2018/13xxx/CVE-2018-13521.json index efba2765c8d..154b504fa18 100644 --- a/2018/13xxx/CVE-2018-13521.json +++ b/2018/13xxx/CVE-2018-13521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13687.json b/2018/13xxx/CVE-2018-13687.json index daf1d20d0e3..bf3512d0392 100644 --- a/2018/13xxx/CVE-2018-13687.json +++ b/2018/13xxx/CVE-2018-13687.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13687", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13687", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16058.json b/2018/16xxx/CVE-2018-16058.json index e1bda3036bb..eac20171ef2 100644 --- a/2018/16xxx/CVE-2018-16058.json +++ b/2018/16xxx/CVE-2018-16058.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-44.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-44.html" - }, - { - "name" : "DSA-4315", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4315" - }, - { - "name" : "105174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105174" - }, - { - "name" : "1041609", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041609" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4315", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4315" + }, + { + "name": "105174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105174" + }, + { + "name": "1041609", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041609" + }, + { + "name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-44.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-44.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16285.json b/2018/16xxx/CVE-2018-16285.json index ad29ac7b0a8..9d6f9d08b21 100644 --- a/2018/16xxx/CVE-2018-16285.json +++ b/2018/16xxx/CVE-2018-16285.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html", - "refsource" : "MISC", - "url" : "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9124", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9124", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9124" + }, + { + "name": "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html", + "refsource": "MISC", + "url": "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16714.json b/2018/16xxx/CVE-2018-16714.json index 433aba46e9a..80a49849467 100644 --- a/2018/16xxx/CVE-2018-16714.json +++ b/2018/16xxx/CVE-2018-16714.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16714", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16714", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17568.json b/2018/17xxx/CVE-2018-17568.json index 445e1ee9ef1..05757fd9c8f 100644 --- a/2018/17xxx/CVE-2018-17568.json +++ b/2018/17xxx/CVE-2018-17568.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8", - "refsource" : "MISC", - "url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8" - }, - { - "name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", - "refsource" : "MISC", - "url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/viabtc/viabtc_exchange_server/pull/131", + "refsource": "MISC", + "url": "https://github.com/viabtc/viabtc_exchange_server/pull/131" + }, + { + "name": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8", + "refsource": "MISC", + "url": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4387.json b/2018/4xxx/CVE-2018-4387.json index 1cb75c9378e..e0dd27b117b 100644 --- a/2018/4xxx/CVE-2018-4387.json +++ b/2018/4xxx/CVE-2018-4387.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4387", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4387", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4443.json b/2018/4xxx/CVE-2018-4443.json index 9529f05ca08..f8d2247f413 100644 --- a/2018/4xxx/CVE-2018-4443.json +++ b/2018/4xxx/CVE-2018-4443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4443", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4443", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4560.json b/2018/4xxx/CVE-2018-4560.json index 14ba64201ee..9083f07876e 100644 --- a/2018/4xxx/CVE-2018-4560.json +++ b/2018/4xxx/CVE-2018-4560.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4560", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4560", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7422.json b/2019/7xxx/CVE-2019-7422.json index 7cf44496cff..b8974561d81 100644 --- a/2019/7xxx/CVE-2019-7422.json +++ b/2019/7xxx/CVE-2019-7422.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7422", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/addMailSettings.jsp\" file in the gF parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html" + }, + { + "url": "https://www.manageengine.com/products/netflow/?doc", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/netflow/?doc" + }, + { + "refsource": "FULLDISC", + "name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone", + "url": "http://seclists.org/fulldisclosure/2019/Feb/29" } ] }