diff --git a/2004/0xxx/CVE-2004-0403.json b/2004/0xxx/CVE-2004-0403.json index 17636137a2a..98d8faeb39d 100644 --- a/2004/0xxx/CVE-2004-0403.json +++ b/2004/0xxx/CVE-2004-0403.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", - "refsource" : "CONFIRM", - "url" : "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html" - }, - { - "name" : "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", - "refsource" : "CONFIRM", - "url" : "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=232288", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=232288" - }, - { - "name" : "APPLE-SA-2004-05-03", - "refsource" : "APPLE", - "url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2" - }, - { - "name" : "GLSA-200404-17", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200404-17.xml" - }, - { - "name" : "MDKSA-2004:069", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069" - }, - { - "name" : "RHSA-2004:165", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-165.html" - }, - { - "name" : "SCOSA-2005.10", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt" - }, - { - "name" : "20040506-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc" - }, - { - "name" : "10172", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10172" - }, - { - "name" : "5491", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5491" - }, - { - "name" : "oval:org.mitre.oval:def:984", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984" - }, - { - "name" : "oval:org.mitre.oval:def:11220", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220" - }, - { - "name" : "1009937", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009937" - }, - { - "name" : "11410", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11410" - }, - { - "name" : "11877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11877" - }, - { - "name" : "racoon-isakmp-dos(15893)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2004:069", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:069" + }, + { + "name": "oval:org.mitre.oval:def:984", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A984" + }, + { + "name": "1009937", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009937" + }, + { + "name": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html", + "refsource": "CONFIRM", + "url": "http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html" + }, + { + "name": "20040506-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040506-01-U.asc" + }, + { + "name": "racoon-isakmp-dos(15893)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15893" + }, + { + "name": "oval:org.mitre.oval:def:11220", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11220" + }, + { + "name": "APPLE-SA-2004-05-03", + "refsource": "APPLE", + "url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2" + }, + { + "name": "11877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11877" + }, + { + "name": "SCOSA-2005.10", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt" + }, + { + "name": "10172", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10172" + }, + { + "name": "11410", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11410" + }, + { + "name": "GLSA-200404-17", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200404-17.xml" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=232288", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=232288" + }, + { + "name": "5491", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5491" + }, + { + "name": "RHSA-2004:165", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-165.html" + }, + { + "name": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181", + "refsource": "CONFIRM", + "url": "http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0572.json b/2004/0xxx/CVE-2004-0572.json index 51866ba4931..83e03526a5d 100644 --- a/2004/0xxx/CVE-2004-0572.json +++ b/2004/0xxx/CVE-2004-0572.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040707 Re: shell:windows command question", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0290.html" - }, - { - "name" : "MS04-037", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037" - }, - { - "name" : "VU#543864", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/543864" - }, - { - "name" : "10677", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10677" - }, - { - "name" : "oval:org.mitre.oval:def:1279", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1279" - }, - { - "name" : "oval:org.mitre.oval:def:1837", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1837" - }, - { - "name" : "oval:org.mitre.oval:def:1843", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1843" - }, - { - "name" : "oval:org.mitre.oval:def:2753", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2753" - }, - { - "name" : "oval:org.mitre.oval:def:3071", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3071" - }, - { - "name" : "oval:org.mitre.oval:def:3768", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3768" - }, - { - "name" : "oval:org.mitre.oval:def:3822", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3822" - }, - { - "name" : "oval:org.mitre.oval:def:4244", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4244" - }, - { - "name" : "oval:org.mitre.oval:def:4493", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4493" - }, - { - "name" : "win-grpconv-bo(16664)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16664" - }, - { - "name" : "win-ms04037-patch(17662)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17662" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Windows Program Group Converter (grpconv.exe) may allow remote attackers to execute arbitrary code via a shell: URL with a long filename and a .grp extension, which is not properly handled when the shell capability launches grpconv.exe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1837", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1837" + }, + { + "name": "oval:org.mitre.oval:def:4493", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4493" + }, + { + "name": "20040707 Re: shell:windows command question", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0290.html" + }, + { + "name": "oval:org.mitre.oval:def:3822", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3822" + }, + { + "name": "oval:org.mitre.oval:def:4244", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4244" + }, + { + "name": "win-ms04037-patch(17662)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17662" + }, + { + "name": "oval:org.mitre.oval:def:2753", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2753" + }, + { + "name": "oval:org.mitre.oval:def:3071", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3071" + }, + { + "name": "VU#543864", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/543864" + }, + { + "name": "oval:org.mitre.oval:def:1843", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1843" + }, + { + "name": "oval:org.mitre.oval:def:3768", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3768" + }, + { + "name": "10677", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10677" + }, + { + "name": "oval:org.mitre.oval:def:1279", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1279" + }, + { + "name": "MS04-037", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037" + }, + { + "name": "win-grpconv-bo(16664)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16664" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0611.json b/2004/0xxx/CVE-2004-0611.json index 4ff3435ac44..e073bf5ac61 100644 --- a/2004/0xxx/CVE-2004-0611.json +++ b/2004/0xxx/CVE-2004-0611.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040621 NETGEAR FVS318 Web-Based Administration DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108787199201059&w=2" - }, - { - "name" : "netgear-fvs318-dos(16462)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16462" - }, - { - "name" : "10585", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10585" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040621 NETGEAR FVS318 Web-Based Administration DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108787199201059&w=2" + }, + { + "name": "10585", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10585" + }, + { + "name": "netgear-fvs318-dos(16462)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16462" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0651.json b/2004/0xxx/CVE-2004-0651.json index a960f2acea1..5f4d8569ada 100644 --- a/2004/0xxx/CVE-2004-0651.json +++ b/2004/0xxx/CVE-2004-0651.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0651", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57555", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57555" - }, - { - "name" : "SSRT4749", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/6773" - }, - { - "name" : "HPSBUX01044", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=108559041910233&w=2" - }, - { - "name" : "VU#118558", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118558" - }, - { - "name" : "10301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10301" - }, - { - "name" : "sun-java-dos(16085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10301" + }, + { + "name": "57555", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57555" + }, + { + "name": "HPSBUX01044", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108559041910233&w=2" + }, + { + "name": "VU#118558", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118558" + }, + { + "name": "sun-java-dos(16085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16085" + }, + { + "name": "SSRT4749", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/6773" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1800.json b/2004/1xxx/CVE-2004-1800.json index 119992ce281..34fc10256d0 100644 --- a/2004/1xxx/CVE-2004-1800.json +++ b/2004/1xxx/CVE-2004-1800.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sysbotz.com/press/sdupdate402.htm", - "refsource" : "CONFIRM", - "url" : "http://www.sysbotz.com/press/sdupdate402.htm" - }, - { - "name" : "9380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9380" - }, - { - "name" : "1008695", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008695" - }, - { - "name" : "10595", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10595" - }, - { - "name" : "simpledata-gain-unauth-access(14206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1008695", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008695" + }, + { + "name": "simpledata-gain-unauth-access(14206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14206" + }, + { + "name": "http://www.sysbotz.com/press/sdupdate402.htm", + "refsource": "CONFIRM", + "url": "http://www.sysbotz.com/press/sdupdate402.htm" + }, + { + "name": "9380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9380" + }, + { + "name": "10595", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10595" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1853.json b/2004/1xxx/CVE-2004-1853.json index 52f80c3ce10..178b0e5581c 100644 --- a/2004/1xxx/CVE-2004-1853.json +++ b/2004/1xxx/CVE-2004-1853.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1853", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1853", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 Broadcast client buffer-overflow in Terminator 3 1.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108016076221855&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/t3cbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/t3cbof-adv.txt" - }, - { - "name" : "9918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9918" - }, - { - "name" : "4447", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4447" - }, - { - "name" : "1009498", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009498" - }, - { - "name" : "11182", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11182" - }, - { - "name" : "terminator3-bo(15542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9918" + }, + { + "name": "20040323 Broadcast client buffer-overflow in Terminator 3 1.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108016076221855&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/t3cbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/t3cbof-adv.txt" + }, + { + "name": "1009498", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009498" + }, + { + "name": "4447", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4447" + }, + { + "name": "11182", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11182" + }, + { + "name": "terminator3-bo(15542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15542" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1999.json b/2004/1xxx/CVE-2004-1999.json index 6db7cd00175..530833d7e35 100644 --- a/2004/1xxx/CVE-2004-1999.json +++ b/2004/1xxx/CVE-2004-1999.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040505 [waraxe-2004-SA#027 - Once again - critical vulnerabilities in PhpNuke 6.x - 7.2]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108378804809891&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=27", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=27" - }, - { - "name" : "11553", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11553" - }, - { - "name" : "phpnuke-ttitle-sid-xss(16073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpnuke-ttitle-sid-xss(16073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16073" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=27", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=27" + }, + { + "name": "11553", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11553" + }, + { + "name": "20040505 [waraxe-2004-SA#027 - Once again - critical vulnerabilities in PhpNuke 6.x - 7.2]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108378804809891&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2086.json b/2008/2xxx/CVE-2008-2086.json index 653a0f0c5d2..c131fe0ffda 100644 --- a/2008/2xxx/CVE-2008-2086.json +++ b/2008/2xxx/CVE-2008-2086.json @@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka \"Java Web Start File Inclusion\" and CR 6694892." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081204 CVE-2008-2086: Java Web Start File Inclusion via System PropertiesOverride", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498907/100/0/threaded" - }, - { - "name" : "http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt", - "refsource" : "MISC", - "url" : "http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" - }, - { - "name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", - "refsource" : "CONFIRM", - "url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "HPSBUX02411", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "SSRT080111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2" - }, - { - "name" : "HPSBMA02486", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "SSRT090049", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2" - }, - { - "name" : "RHSA-2008:1018", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1018.html" - }, - { - "name" : "RHSA-2008:1025", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html" - }, - { - "name" : "RHSA-2009:0015", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0015.html" - }, - { - "name" : "RHSA-2009:0016", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html" - }, - { - "name" : "RHSA-2009:0445", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0445.html" - }, - { - "name" : "244988", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1" - }, - { - "name" : "SUSE-SA:2009:007", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" - }, - { - "name" : "SUSE-SA:2009:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" - }, - { - "name" : "SUSE-SR:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" - }, - { - "name" : "TA08-340A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" - }, - { - "name" : "32620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32620" - }, - { - "name" : "50510", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50510" - }, - { - "name" : "oval:org.mitre.oval:def:5601", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601" - }, - { - "name" : "1021318", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021318" - }, - { - "name" : "32991", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32991" - }, - { - "name" : "33015", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33015" - }, - { - "name" : "33710", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33710" - }, - { - "name" : "33528", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33528" - }, - { - "name" : "34233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34233" - }, - { - "name" : "34605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34605" - }, - { - "name" : "34889", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34889" - }, - { - "name" : "35065", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35065" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "38539", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38539" - }, - { - "name" : "4693", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4693" - }, - { - "name" : "ADV-2009-0424", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0424" - }, - { - "name" : "ADV-2009-0672", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka \"Java Web Start File Inclusion\" and CR 6694892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT090049", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "RHSA-2008:1018", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1018.html" + }, + { + "name": "SUSE-SA:2009:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html" + }, + { + "name": "ADV-2009-0672", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0672" + }, + { + "name": "32620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32620" + }, + { + "name": "4693", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4693" + }, + { + "name": "33015", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33015" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm" + }, + { + "name": "34889", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34889" + }, + { + "name": "34233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34233" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf", + "refsource": "CONFIRM", + "url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm" + }, + { + "name": "oval:org.mitre.oval:def:5601", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5601" + }, + { + "name": "SUSE-SA:2009:007", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html" + }, + { + "name": "SSRT080111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "38539", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38539" + }, + { + "name": "50510", + "refsource": "OSVDB", + "url": "http://osvdb.org/50510" + }, + { + "name": "35065", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35065" + }, + { + "name": "33528", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33528" + }, + { + "name": "http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt", + "refsource": "MISC", + "url": "http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt" + }, + { + "name": "ADV-2009-0424", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0424" + }, + { + "name": "1021318", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021318" + }, + { + "name": "RHSA-2008:1025", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html" + }, + { + "name": "HPSBMA02486", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2" + }, + { + "name": "HPSBUX02411", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2" + }, + { + "name": "RHSA-2009:0445", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0445.html" + }, + { + "name": "RHSA-2009:0016", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html" + }, + { + "name": "20081204 CVE-2008-2086: Java Web Start File Inclusion via System PropertiesOverride", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498907/100/0/threaded" + }, + { + "name": "TA08-340A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=" + }, + { + "name": "34605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34605" + }, + { + "name": "SUSE-SR:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" + }, + { + "name": "RHSA-2009:0015", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0015.html" + }, + { + "name": "32991", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32991" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00003.html" + }, + { + "name": "244988", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "33710", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33710" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2190.json b/2008/2xxx/CVE-2008-2190.json index 23b75dd4937..0f9cf7c5a7b 100644 --- a/2008/2xxx/CVE-2008-2190.json +++ b/2008/2xxx/CVE-2008-2190.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080505 [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491607/100/0/threaded" - }, - { - "name" : "20080508 Re: [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491816/100/0/threaded" - }, - { - "name" : "5542", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5542" - }, - { - "name" : "8711", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8711" - }, - { - "name" : "http://advisories.echo.or.id/adv/adv91-K-159-2008.txt", - "refsource" : "MISC", - "url" : "http://advisories.echo.or.id/adv/adv91-K-159-2008.txt" - }, - { - "name" : "29052", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29052" - }, - { - "name" : "35005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35005" - }, - { - "name" : "30090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30090" - }, - { - "name" : "35147", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35147" - }, - { - "name" : "3875", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3875" - }, - { - "name" : "ADV-2009-1366", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1366" - }, - { - "name" : "onlinerental-index-sql-injection(42191)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8711", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8711" + }, + { + "name": "30090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30090" + }, + { + "name": "29052", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29052" + }, + { + "name": "35147", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35147" + }, + { + "name": "onlinerental-index-sql-injection(42191)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42191" + }, + { + "name": "ADV-2009-1366", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1366" + }, + { + "name": "20080508 Re: [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491816/100/0/threaded" + }, + { + "name": "35005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35005" + }, + { + "name": "5542", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5542" + }, + { + "name": "20080505 [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491607/100/0/threaded" + }, + { + "name": "http://advisories.echo.or.id/adv/adv91-K-159-2008.txt", + "refsource": "MISC", + "url": "http://advisories.echo.or.id/adv/adv91-K-159-2008.txt" + }, + { + "name": "3875", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3875" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3489.json b/2008/3xxx/CVE-2008-3489.json index dc70e8c6258..7cba5ae538a 100644 --- a/2008/3xxx/CVE-2008-3489.json +++ b/2008/3xxx/CVE-2008-3489.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6176", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6176" - }, - { - "name" : "30478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30478" - }, - { - "name" : "4112", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4112" - }, - { - "name" : "phpx-pxl-sql-injection(44240)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpx-pxl-sql-injection(44240)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44240" + }, + { + "name": "30478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30478" + }, + { + "name": "4112", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4112" + }, + { + "name": "6176", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6176" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3508.json b/2008/3xxx/CVE-2008-3508.json index acd4f772e33..fc54bfea62f 100644 --- a/2008/3xxx/CVE-2008-3508.json +++ b/2008/3xxx/CVE-2008-3508.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6206", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6206" - }, - { - "name" : "30555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30555" - }, - { - "name" : "litenews-cookie-auth-bypass(44231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6206", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6206" + }, + { + "name": "litenews-cookie-auth-bypass(44231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44231" + }, + { + "name": "30555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30555" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3604.json b/2008/3xxx/CVE-2008-3604.json index f06583f42f2..27c32e45017 100644 --- a/2008/3xxx/CVE-2008-3604.json +++ b/2008/3xxx/CVE-2008-3604.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6230", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6230" - }, - { - "name" : "30628", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30628" - }, - { - "name" : "31413", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31413" - }, - { - "name" : "4145", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4145" - }, - { - "name" : "zeebuddy-bannerclick-sql-injection(44362)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44362" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30628", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30628" + }, + { + "name": "zeebuddy-bannerclick-sql-injection(44362)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44362" + }, + { + "name": "6230", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6230" + }, + { + "name": "31413", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31413" + }, + { + "name": "4145", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4145" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3659.json b/2008/3xxx/CVE-2008-3659.json index 24b74283f00..afb4fcf02ce 100644 --- a/2008/3xxx/CVE-2008-3659.json +++ b/2008/3xxx/CVE-2008-3659.json @@ -1,232 +1,232 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3659", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/501376/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=234102", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=234102" - }, - { - "name" : "http://news.php.net/php.cvs/52002", - "refsource" : "CONFIRM", - "url" : "http://news.php.net/php.cvs/52002" - }, - { - "name" : "http://www.php.net/archive/2008.php#id2008-08-07-1", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/archive/2008.php#id2008-08-07-1" - }, - { - "name" : "[oss-security] 20080808 CVE request: php-5.2.6 overflow issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/08/2" - }, - { - "name" : "[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/08/3" - }, - { - "name" : "[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/08/4" - }, - { - "name" : "[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/08/13/8" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0035", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0035" - }, - { - "name" : "http://support.apple.com/kb/HT3549", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3549" - }, - { - "name" : "APPLE-SA-2009-05-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" - }, - { - "name" : "DSA-1647", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1647" - }, - { - "name" : "GLSA-200811-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml" - }, - { - "name" : "HPSBUX02431", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2" - }, - { - "name" : "SSRT090085", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2" - }, - { - "name" : "HPSBUX02465", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "SSRT090192", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2" - }, - { - "name" : "MDVSA-2009:021", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021" - }, - { - "name" : "MDVSA-2009:022", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022" - }, - { - "name" : "MDVSA-2009:023", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" - }, - { - "name" : "MDVSA-2009:024", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:024" - }, - { - "name" : "SUSE-SR:2008:018", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" - }, - { - "name" : "SUSE-SR:2008:021", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" - }, - { - "name" : "TA09-133A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" - }, - { - "name" : "47483", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47483" - }, - { - "name" : "1020995", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020995" - }, - { - "name" : "32148", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32148" - }, - { - "name" : "32316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32316" - }, - { - "name" : "31982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31982" - }, - { - "name" : "35074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35074" - }, - { - "name" : "35650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35650" - }, - { - "name" : "32746", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32746" - }, - { - "name" : "ADV-2008-2336", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2336" - }, - { - "name" : "ADV-2009-1297", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1297" - }, - { - "name" : "php-memnstr-bo(44405)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020995", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020995" + }, + { + "name": "32746", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32746" + }, + { + "name": "HPSBUX02465", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "http://support.apple.com/kb/HT3549", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3549" + }, + { + "name": "GLSA-200811-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-05.xml" + }, + { + "name": "SSRT090085", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2" + }, + { + "name": "31982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31982" + }, + { + "name": "20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/501376/100/0/threaded" + }, + { + "name": "MDVSA-2009:024", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:024" + }, + { + "name": "47483", + "refsource": "OSVDB", + "url": "http://osvdb.org/47483" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0035", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0035" + }, + { + "name": "35074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35074" + }, + { + "name": "SSRT090192", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2" + }, + { + "name": "32148", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32148" + }, + { + "name": "APPLE-SA-2009-05-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" + }, + { + "name": "[oss-security] 20080808 CVE request: php-5.2.6 overflow issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/08/2" + }, + { + "name": "SUSE-SR:2008:018", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" + }, + { + "name": "SUSE-SR:2008:021", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html" + }, + { + "name": "MDVSA-2009:023", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023" + }, + { + "name": "MDVSA-2009:022", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022" + }, + { + "name": "php-memnstr-bo(44405)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44405" + }, + { + "name": "TA09-133A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" + }, + { + "name": "[oss-security] 20080813 Re: CVE request: php-5.2.6 overflow issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/13/8" + }, + { + "name": "ADV-2009-1297", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1297" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=234102", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=234102" + }, + { + "name": "MDVSA-2009:021", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:021" + }, + { + "name": "HPSBUX02431", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2" + }, + { + "name": "[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/08/4" + }, + { + "name": "DSA-1647", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1647" + }, + { + "name": "ADV-2008-2336", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2336" + }, + { + "name": "[oss-security] 20080808 Re: CVE request: php-5.2.6 overflow issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/08/08/3" + }, + { + "name": "http://www.php.net/archive/2008.php#id2008-08-07-1", + "refsource": "CONFIRM", + "url": "http://www.php.net/archive/2008.php#id2008-08-07-1" + }, + { + "name": "http://news.php.net/php.cvs/52002", + "refsource": "CONFIRM", + "url": "http://news.php.net/php.cvs/52002" + }, + { + "name": "35650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35650" + }, + { + "name": "32316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32316" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3843.json b/2008/3xxx/CVE-2008-3843.json index 3aaaa0ca9ca..7e4e21ebc2a 100644 --- a/2008/3xxx/CVE-2008-3843.json +++ b/2008/3xxx/CVE-2008-3843.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a \"<~/\" (less-than tilde slash) sequence followed by a crafted STYLE element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080821 PR08-20: Bypassing ASP .NET \"ValidateRequest\" for Script Injection Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495667/100/0/threaded" - }, - { - "name" : "20080908 Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET \"ValidateRequest\" for Script Injection Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496071/100/0/threaded" - }, - { - "name" : "http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf" - }, - { - "name" : "http://www.procheckup.com/Vulnerability_PR08-20.php", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/Vulnerability_PR08-20.php" - }, - { - "name" : "4193", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4193" - }, - { - "name" : "asp-validaterequestfilter-xss(44743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework with the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a \"<~/\" (less-than tilde slash) sequence followed by a crafted STYLE element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080908 Re: [WEB SECURITY] PR08-20: Bypassing ASP .NET \"ValidateRequest\" for Script Injection Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496071/100/0/threaded" + }, + { + "name": "asp-validaterequestfilter-xss(44743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44743" + }, + { + "name": "http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf", + "refsource": "MISC", + "url": "http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf" + }, + { + "name": "4193", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4193" + }, + { + "name": "20080821 PR08-20: Bypassing ASP .NET \"ValidateRequest\" for Script Injection Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495667/100/0/threaded" + }, + { + "name": "http://www.procheckup.com/Vulnerability_PR08-20.php", + "refsource": "MISC", + "url": "http://www.procheckup.com/Vulnerability_PR08-20.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4351.json b/2008/4xxx/CVE-2008-4351.json index 0e6398b75b1..8f32c54856c 100644 --- a/2008/4xxx/CVE-2008-4351.json +++ b/2008/4xxx/CVE-2008-4351.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6452", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6452" - }, - { - "name" : "31167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31167" - }, - { - "name" : "phpsmartcom-index-file-include(45125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in phpSmartCom 0.2 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the p parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpsmartcom-index-file-include(45125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45125" + }, + { + "name": "6452", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6452" + }, + { + "name": "31167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31167" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4751.json b/2008/4xxx/CVE-2008-4751.json index 1ef5d1380d8..a03517d4f5a 100644 --- a/2008/4xxx/CVE-2008-4751.json +++ b/2008/4xxx/CVE-2008-4751.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081023 iPei cross site scripting Vulnerablity", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497783/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/0810-exploits/ipei-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0810-exploits/ipei-xss.txt" - }, - { - "name" : "31911", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31911" - }, - { - "name" : "ADV-2008-2920", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2920" - }, - { - "name" : "32429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32429" - }, - { - "name" : "4510", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4510" - }, - { - "name" : "ipeiguestbook-pg-xss(46111)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/0810-exploits/ipei-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0810-exploits/ipei-xss.txt" + }, + { + "name": "ipeiguestbook-pg-xss(46111)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46111" + }, + { + "name": "4510", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4510" + }, + { + "name": "20081023 iPei cross site scripting Vulnerablity", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497783/100/0/threaded" + }, + { + "name": "ADV-2008-2920", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2920" + }, + { + "name": "32429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32429" + }, + { + "name": "31911", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31911" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4833.json b/2008/4xxx/CVE-2008-4833.json index d182badca53..3ab15dadb5d 100644 --- a/2008/4xxx/CVE-2008-4833.json +++ b/2008/4xxx/CVE-2008-4833.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4833", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2008-4833", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6287.json b/2008/6xxx/CVE-2008-6287.json index e93cbe5c974..9227e03171d 100644 --- a/2008/6xxx/CVE-2008-6287.json +++ b/2008/6xxx/CVE-2008-6287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7310", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7310" - }, - { - "name" : "32554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32554" - }, - { - "name" : "ADV-2008-3289", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3289" - }, - { - "name" : "broadcastmachine-basedir-file-include(46939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32554" + }, + { + "name": "ADV-2008-3289", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3289" + }, + { + "name": "7310", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7310" + }, + { + "name": "broadcastmachine-basedir-file-include(46939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46939" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6461.json b/2008/6xxx/CVE-2008-6461.json index f9d0639aaeb..00b3bf8961b 100644 --- a/2008/6xxx/CVE-2008-6461.json +++ b/2008/6xxx/CVE-2008-6461.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" - }, - { - "name" : "31264", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31264" - }, - { - "name" : "48280", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48280" - }, - { - "name" : "steprayer2-unspecified-sql-injection(45264)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31264", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31264" + }, + { + "name": "48280", + "refsource": "OSVDB", + "url": "http://osvdb.org/48280" + }, + { + "name": "steprayer2-unspecified-sql-injection(45264)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45264" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6466.json b/2008/6xxx/CVE-2008-6466.json index d435297902e..b83307c844a 100644 --- a/2008/6xxx/CVE-2008-6466.json +++ b/2008/6xxx/CVE-2008-6466.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6516", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6516" - }, - { - "name" : "31286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31286" - }, - { - "name" : "34384", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34384", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34384" + }, + { + "name": "31286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31286" + }, + { + "name": "6516", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6516" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6673.json b/2008/6xxx/CVE-2008-6673.json index 807d23af834..f99937f0579 100644 --- a/2008/6xxx/CVE-2008-6673.json +++ b/2008/6xxx/CVE-2008-6673.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6673", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.bugreport.ir/39/exploit.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/39/exploit.htm" - }, - { - "name" : "http://www.bugreport.ir/index_39.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_39.htm" - }, - { - "name" : "29524", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29524" - }, - { - "name" : "30501", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30501" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict access to administrative functionality, which allows remote attackers to (1) change the admin password via the cSaveAdminPW action; (2) modify site information, such as the contact address, via the saveAdmin; and (3) modify the site design via the saveDesign action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.bugreport.ir/39/exploit.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/39/exploit.htm" + }, + { + "name": "http://www.bugreport.ir/index_39.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_39.htm" + }, + { + "name": "30501", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30501" + }, + { + "name": "29524", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29524" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7213.json b/2008/7xxx/CVE-2008-7213.json index b8f683d1db1..27c8b75c764 100644 --- a/2008/7xxx/CVE-2008-7213.json +++ b/2008/7xxx/CVE-2008-7213.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487128/100/200/threaded" - }, - { - "name" : "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" - }, - { - "name" : "http://www.bugreport.ir/index_33.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_33.htm" - }, - { - "name" : "http://forum.mambo-foundation.org/showthread.php?t=10158", - "refsource" : "CONFIRM", - "url" : "http://forum.mambo-foundation.org/showthread.php?t=10158" - }, - { - "name" : "27470", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27470" - }, - { - "name" : "42530", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42530" - }, - { - "name" : "28670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28670" - }, - { - "name" : "ADV-2008-0325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0325" - }, - { - "name" : "mambo-mostlyce-connector-xss(39984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42530", + "refsource": "OSVDB", + "url": "http://osvdb.org/42530" + }, + { + "name": "ADV-2008-0325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0325" + }, + { + "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" + }, + { + "name": "mambo-mostlyce-connector-xss(39984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39984" + }, + { + "name": "27470", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27470" + }, + { + "name": "28670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28670" + }, + { + "name": "http://forum.mambo-foundation.org/showthread.php?t=10158", + "refsource": "CONFIRM", + "url": "http://forum.mambo-foundation.org/showthread.php?t=10158" + }, + { + "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded" + }, + { + "name": "http://www.bugreport.ir/index_33.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_33.htm" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2600.json b/2013/2xxx/CVE-2013-2600.json index 9db40a43e49..6c8c0a0f4b3 100644 --- a/2013/2xxx/CVE-2013-2600.json +++ b/2013/2xxx/CVE-2013-2600.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2600", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2600", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2640.json b/2013/2xxx/CVE-2013-2640.json index 71ea250c989..2b5c6a57b97 100644 --- a/2013/2xxx/CVE-2013-2640.json +++ b/2013/2xxx/CVE-2013-2640.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2640", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to \"formData=save\" requests, a different version than CVE-2013-0731." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset?new=682420", - "refsource" : "MISC", - "url" : "http://plugins.trac.wordpress.org/changeset?new=682420" - }, - { - "name" : "http://wordpress.org/extend/plugins/wp-mailup/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wp-mailup/changelog/" - }, - { - "name" : "91274", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91274" - }, - { - "name" : "51917", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to \"formData=save\" requests, a different version than CVE-2013-0731." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://plugins.trac.wordpress.org/changeset?new=682420", + "refsource": "MISC", + "url": "http://plugins.trac.wordpress.org/changeset?new=682420" + }, + { + "name": "51917", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51917" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-mailup/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wp-mailup/changelog/" + }, + { + "name": "91274", + "refsource": "OSVDB", + "url": "http://osvdb.org/91274" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2711.json b/2013/2xxx/CVE-2013-2711.json index 52a24dd5cda..90387b19a64 100644 --- a/2013/2xxx/CVE-2013-2711.json +++ b/2013/2xxx/CVE-2013-2711.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2711", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2711", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11377.json b/2017/11xxx/CVE-2017-11377.json index 7292dc7b22b..f1942752d07 100644 --- a/2017/11xxx/CVE-2017-11377.json +++ b/2017/11xxx/CVE-2017-11377.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11377", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11377", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11840.json b/2017/11xxx/CVE-2017-11840.json index 7bce16f076f..83759116a0c 100644 --- a/2017/11xxx/CVE-2017-11840.json +++ b/2017/11xxx/CVE-2017-11840.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43183", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43183/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840" - }, - { - "name" : "101734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101734" - }, - { - "name" : "1039780", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101734" + }, + { + "name": "1039780", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039780" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840" + }, + { + "name": "43183", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43183/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11865.json b/2017/11xxx/CVE-2017-11865.json index ca42855fb46..bd8b9c21497 100644 --- a/2017/11xxx/CVE-2017-11865.json +++ b/2017/11xxx/CVE-2017-11865.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11865", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11865", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11965.json b/2017/11xxx/CVE-2017-11965.json index 711d7008216..540430b58eb 100644 --- a/2017/11xxx/CVE-2017-11965.json +++ b/2017/11xxx/CVE-2017-11965.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11965", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11965", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11975.json b/2017/11xxx/CVE-2017-11975.json index 7bca4979aa9..61a9226a783 100644 --- a/2017/11xxx/CVE-2017-11975.json +++ b/2017/11xxx/CVE-2017-11975.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11975", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11975", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14090.json b/2017/14xxx/CVE-2017-14090.json index 9c8f2f1ff7a..86aaaf824fa 100644 --- a/2017/14xxx/CVE-2017-14090.json +++ b/2017/14xxx/CVE-2017-14090.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-14090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro ScanMail for Exchange", - "version" : { - "version_data" : [ - { - "version_value" : "12.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OTHER - Insecure Communication" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-14090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro ScanMail for Exchange", + "version": { + "version_data": [ + { + "version_value": "12.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1118486", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118486" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OTHER - Insecure Communication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1118486", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118486" + }, + { + "name": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14355.json b/2017/14xxx/CVE-2017-14355.json index 8e183a4fe39..574cefb86a1 100644 --- a/2017/14xxx/CVE-2017-14355.json +++ b/2017/14xxx/CVE-2017-14355.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-14355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-14355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171013 [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2017/Oct/23" - }, - { - "name" : "43857", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43857/" - }, - { - "name" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868" - }, - { - "name" : "101270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868", + "refsource": "CONFIRM", + "url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02987868" + }, + { + "name": "43857", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43857/" + }, + { + "name": "101270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101270" + }, + { + "name": "20171013 [security bulletin] MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2017/Oct/23" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14762.json b/2017/14xxx/CVE-2017-14762.json index 2cabd382972..3a8b7a07521 100644 --- a/2017/14xxx/CVE-2017-14762.json +++ b/2017/14xxx/CVE-2017-14762.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/", - "refsource" : "MISC", - "url" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/", + "refsource": "MISC", + "url": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15234.json b/2017/15xxx/CVE-2017-15234.json index f86e9c3e5f6..1abef30131f 100644 --- a/2017/15xxx/CVE-2017-15234.json +++ b/2017/15xxx/CVE-2017-15234.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15234", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15234", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15511.json b/2017/15xxx/CVE-2017-15511.json index 18542025d26..687bd4d8387 100644 --- a/2017/15xxx/CVE-2017-15511.json +++ b/2017/15xxx/CVE-2017-15511.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15511", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15511", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15517.json b/2017/15xxx/CVE-2017-15517.json index 1539e97046e..0a968f9c466 100644 --- a/2017/15xxx/CVE-2017-15517.json +++ b/2017/15xxx/CVE-2017-15517.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2017-11-16T00:00:00", - "ID" : "CVE-2017-15517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "AltaVault OST Plug-in", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 1.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Sensitive Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2017-11-16T00:00:00", + "ID": "CVE-2017-15517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AltaVault OST Plug-in", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "NetApp " + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20171116-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20171116-0001/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to obtain sensitive information via unspecified vectors. All users are urged to move to a fixed version and change passwords used by Veritas NetBackup to access the OST shares on the NetApp AltaVault as a precaution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20171116-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20171116-0001/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15674.json b/2017/15xxx/CVE-2017-15674.json index b6f84ec377b..fe07532364c 100644 --- a/2017/15xxx/CVE-2017-15674.json +++ b/2017/15xxx/CVE-2017-15674.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15674", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15674", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8770.json b/2017/8xxx/CVE-2017-8770.json index 00f3af949d2..39e408a43a8 100644 --- a/2017/8xxx/CVE-2017-8770.json +++ b/2017/8xxx/CVE-2017-8770.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42547", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42547/" - }, - { - "name" : "http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf", - "refsource" : "MISC", - "url" : "http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf", + "refsource": "MISC", + "url": "http://www.digitalwhisper.co.il/files/Zines/0x56/DW86-1-RepeaterHack.pdf" + }, + { + "name": "42547", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42547/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8960.json b/2017/8xxx/CVE-2017-8960.json index d8646f4f2ef..fce287aa4d9 100644 --- a/2017/8xxx/CVE-2017-8960.json +++ b/2017/8xxx/CVE-2017-8960.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-8960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MSA 1040 and 2040 SAN Storage", - "version" : { - "version_data" : [ - { - "version_value" : "GL220P008 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-8960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MSA 1040 and 2040 SAN Storage", + "version": { + "version_data": [ + { + "version_value": "GL220P008 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SAN Storage IN version GL220P008 and earlier was found." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbst03780en_us" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9494.json b/2017/9xxx/CVE-2017-9494.json index a63c82243ff..0ec75348c8e 100644 --- a/2017/9xxx/CVE-2017-9494.json +++ b/2017/9xxx/CVE-2017-9494.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-38.remote-web-inspector.txt", - "refsource" : "MISC", - "url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-38.remote-web-inspector.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-38.remote-web-inspector.txt", + "refsource": "MISC", + "url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-38.remote-web-inspector.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0802.json b/2018/0xxx/CVE-2018-0802.json index d171a26d43e..01fae3338b4 100644 --- a/2018/0xxx/CVE-2018-0802.json +++ b/2018/0xxx/CVE-2018-0802.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Equation Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Equation Editor", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rxwx/CVE-2018-0802", - "refsource" : "MISC", - "url" : "https://github.com/rxwx/CVE-2018-0802" - }, - { - "name" : "https://github.com/zldww2011/CVE-2018-0802_POC", - "refsource" : "MISC", - "url" : "https://github.com/zldww2011/CVE-2018-0802_POC" - }, - { - "name" : "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html", - "refsource" : "MISC", - "url" : "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802" - }, - { - "name" : "102347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102347" - }, - { - "name" : "1040153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE is unique from CVE-2018-0797 and CVE-2018-0812." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802" + }, + { + "name": "https://github.com/rxwx/CVE-2018-0802", + "refsource": "MISC", + "url": "https://github.com/rxwx/CVE-2018-0802" + }, + { + "name": "1040153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040153" + }, + { + "name": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html", + "refsource": "MISC", + "url": "https://0patch.blogspot.com/2018/01/the-bug-that-killed-equation-editor-how.html" + }, + { + "name": "102347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102347" + }, + { + "name": "https://github.com/zldww2011/CVE-2018-0802_POC", + "refsource": "MISC", + "url": "https://github.com/zldww2011/CVE-2018-0802_POC" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000074.json b/2018/1000xxx/CVE-2018-1000074.json index d9fa8c9dca2..47ba0d1bb4a 100644 --- a/2018/1000xxx/CVE-2018-1000074.json +++ b/2018/1000xxx/CVE-2018-1000074.json @@ -1,119 +1,119 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/18/2018 7:58:35", - "ID" : "CVE-2018-1000074", - "REQUESTER" : "craig.ingram@salesforce.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RubyGems", - "version" : { - "version_data" : [ - { - "version_value" : "Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422" - } - ] - } - } - ] - }, - "vendor_name" : "RubyGems" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Deserialization of Untrusted Data" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/18/2018 7:58:35", + "ID": "CVE-2018-1000074", + "REQUESTER": "craig.ingram@salesforce.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180417 [SECURITY] [DLA 1352-1] jruby security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html" - }, - { - "name" : "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html" - }, - { - "name" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", - "refsource" : "MISC", - "url" : "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" - }, - { - "name" : "https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d", - "refsource" : "MISC", - "url" : "https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d" - }, - { - "name" : "DSA-4219", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4219" - }, - { - "name" : "DSA-4259", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4259" - }, - { - "name" : "RHSA-2018:3729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3729" - }, - { - "name" : "RHSA-2018:3730", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3730" - }, - { - "name" : "RHSA-2018:3731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3731" - }, - { - "name" : "USN-3621-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3621-1/" - }, - { - "name" : "USN-3621-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3621-2/" - }, - { - "name" : "USN-3685-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3685-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3685-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3685-1/" + }, + { + "name": "USN-3621-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3621-2/" + }, + { + "name": "https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d", + "refsource": "MISC", + "url": "https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d" + }, + { + "name": "[debian-lts-announce] 20180417 [SECURITY] [DLA 1352-1] jruby security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00017.html" + }, + { + "name": "DSA-4219", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4219" + }, + { + "name": "USN-3621-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3621-1/" + }, + { + "name": "RHSA-2018:3729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3729" + }, + { + "name": "RHSA-2018:3730", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3730" + }, + { + "name": "RHSA-2018:3731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3731" + }, + { + "name": "[debian-lts-announce] 20180827 [SECURITY] [DLA 1480-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html" + }, + { + "name": "DSA-4259", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4259" + }, + { + "name": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html", + "refsource": "MISC", + "url": "http://blog.rubygems.org/2018/02/15/2.7.6-released.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12060.json b/2018/12xxx/CVE-2018-12060.json index dfe92ab861c..0d17f77411a 100644 --- a/2018/12xxx/CVE-2018-12060.json +++ b/2018/12xxx/CVE-2018-12060.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12060", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12060", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12183.json b/2018/12xxx/CVE-2018-12183.json index 02602f39aa1..743d09e374c 100644 --- a/2018/12xxx/CVE-2018-12183.json +++ b/2018/12xxx/CVE-2018-12183.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12613.json b/2018/12xxx/CVE-2018-12613.json index b08b8cc8e4c..3570aedb4f4 100644 --- a/2018/12xxx/CVE-2018-12613.json +++ b/2018/12xxx/CVE-2018-12613.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44928", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44928/" - }, - { - "name" : "44924", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44924/" - }, - { - "name" : "45020", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45020/" - }, - { - "name" : "https://www.phpmyadmin.net/security/PMASA-2018-4/", - "refsource" : "CONFIRM", - "url" : "https://www.phpmyadmin.net/security/PMASA-2018-4/" - }, - { - "name" : "104532", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the \"$cfg['AllowArbitraryServer'] = true\" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the \"$cfg['ServerDefault'] = 0\" case (which bypasses the login requirement and runs the vulnerable code without any authentication)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.phpmyadmin.net/security/PMASA-2018-4/", + "refsource": "CONFIRM", + "url": "https://www.phpmyadmin.net/security/PMASA-2018-4/" + }, + { + "name": "45020", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45020/" + }, + { + "name": "104532", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104532" + }, + { + "name": "44924", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44924/" + }, + { + "name": "44928", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44928/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12905.json b/2018/12xxx/CVE-2018-12905.json index e8788b0db55..458ce8affa3 100644 --- a/2018/12xxx/CVE-2018-12905.json +++ b/2018/12xxx/CVE-2018-12905.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php \"system manage\" and \"add\" actions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/joyplus/joyplus-cms/issues/427", - "refsource" : "MISC", - "url" : "https://github.com/joyplus/joyplus-cms/issues/427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php \"system manage\" and \"add\" actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/joyplus/joyplus-cms/issues/427", + "refsource": "MISC", + "url": "https://github.com/joyplus/joyplus-cms/issues/427" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13458.json b/2018/13xxx/CVE-2018-13458.json index a6d7f254ec0..f8b27755609 100644 --- a/2018/13xxx/CVE-2018-13458.json +++ b/2018/13xxx/CVE-2018-13458.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45082", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45082/" - }, - { - "name" : "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e", - "refsource" : "MISC", - "url" : "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e" - }, - { - "name" : "https://knowledge.opsview.com/v5.3/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.3/docs/whats-new" - }, - { - "name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://knowledge.opsview.com/v5.4/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" + }, + { + "name": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e", + "refsource": "MISC", + "url": "https://gist.github.com/fakhrizulkifli/40f3daf52950cca6de28ebec2498ff6e" + }, + { + "name": "45082", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45082/" + }, + { + "name": "https://knowledge.opsview.com/v5.3/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16008.json b/2018/16xxx/CVE-2018-16008.json index 5ad914c5ed7..ffb24506e65 100644 --- a/2018/16xxx/CVE-2018-16008.json +++ b/2018/16xxx/CVE-2018-16008.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16243.json b/2018/16xxx/CVE-2018-16243.json index a939ea1189b..ea0898db245 100644 --- a/2018/16xxx/CVE-2018-16243.json +++ b/2018/16xxx/CVE-2018-16243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16334.json b/2018/16xxx/CVE-2018-16334.json index 47f992957d4..664df25eaec 100644 --- a/2018/16xxx/CVE-2018-16334.json +++ b/2018/16xxx/CVE-2018-16334.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md", - "refsource" : "MISC", - "url" : "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md", + "refsource": "MISC", + "url": "https://github.com/zsjevilhex/iot/blob/master/route/tenda/tenda-04/tenda.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16366.json b/2018/16xxx/CVE-2018-16366.json index 263fecc82e6..8970ca1db17 100644 --- a/2018/16xxx/CVE-2018-16366.json +++ b/2018/16xxx/CVE-2018-16366.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/32", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/32" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/32", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/32" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16728.json b/2018/16xxx/CVE-2018-16728.json index 4c79cdd153b..beb4ca0da8c 100644 --- a/2018/16xxx/CVE-2018-16728.json +++ b/2018/16xxx/CVE-2018-16728.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/frozeman/feindura-flat-file-cms/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/frozeman/feindura-flat-file-cms/issues/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/frozeman/feindura-flat-file-cms/issues/29", + "refsource": "MISC", + "url": "https://github.com/frozeman/feindura-flat-file-cms/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4258.json b/2018/4xxx/CVE-2018-4258.json index 9d28fb47844..63fa2362e9c 100644 --- a/2018/4xxx/CVE-2018-4258.json +++ b/2018/4xxx/CVE-2018-4258.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4554.json b/2018/4xxx/CVE-2018-4554.json index 5d9e888cb94..6dd23a076f8 100644 --- a/2018/4xxx/CVE-2018-4554.json +++ b/2018/4xxx/CVE-2018-4554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4739.json b/2018/4xxx/CVE-2018-4739.json index b6ea4b0f6ff..675fd194452 100644 --- a/2018/4xxx/CVE-2018-4739.json +++ b/2018/4xxx/CVE-2018-4739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7416.json b/2019/7xxx/CVE-2019-7416.json index cfe58d6dd4e..aff2042b49c 100644 --- a/2019/7xxx/CVE-2019-7416.json +++ b/2019/7xxx/CVE-2019-7416.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7416", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in \"/webtop/help/en/default.htm\" is vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html" + }, + { + "url": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum", + "refsource": "MISC", + "name": "https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum" + }, + { + "refsource": "FULLDISC", + "name": "20190212 KSA-Dev-007:CVE-2019-7386:DoS and gecko reboot in the nokia 8810 4G handset", + "url": "http://seclists.org/fulldisclosure/2019/Feb/26" } ] }