From a6aabc58bbb774f9ec05b1740f8c90f6a1c4171f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 03:17:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0643.json | 240 ++++++++-------- 2004/0xxx/CVE-2004-0691.json | 200 ++++++------- 2004/1xxx/CVE-2004-1481.json | 160 +++++------ 2004/1xxx/CVE-2004-1774.json | 180 ++++++------ 2004/1xxx/CVE-2004-1873.json | 220 +++++++------- 2004/1xxx/CVE-2004-1972.json | 140 ++++----- 2004/2xxx/CVE-2004-2119.json | 170 +++++------ 2004/2xxx/CVE-2004-2243.json | 140 ++++----- 2004/2xxx/CVE-2004-2253.json | 150 +++++----- 2004/2xxx/CVE-2004-2261.json | 160 +++++------ 2008/2xxx/CVE-2008-2419.json | 140 ++++----- 2008/2xxx/CVE-2008-2480.json | 160 +++++------ 2008/2xxx/CVE-2008-2528.json | 170 +++++------ 2008/2xxx/CVE-2008-2871.json | 130 ++++----- 2008/2xxx/CVE-2008-2956.json | 180 ++++++------ 2008/3xxx/CVE-2008-3397.json | 140 ++++----- 2008/3xxx/CVE-2008-3866.json | 200 ++++++------- 2008/6xxx/CVE-2008-6138.json | 140 ++++----- 2008/6xxx/CVE-2008-6474.json | 150 +++++----- 2008/6xxx/CVE-2008-6810.json | 140 ++++----- 2012/5xxx/CVE-2012-5079.json | 510 ++++++++++++++++----------------- 2012/5xxx/CVE-2012-5504.json | 150 +++++----- 2012/5xxx/CVE-2012-5749.json | 34 +-- 2012/5xxx/CVE-2012-5916.json | 130 ++++----- 2017/11xxx/CVE-2017-11468.json | 140 ++++----- 2017/11xxx/CVE-2017-11693.json | 120 ++++---- 2017/14xxx/CVE-2017-14415.json | 120 ++++---- 2017/14xxx/CVE-2017-14864.json | 130 ++++----- 2017/15xxx/CVE-2017-15145.json | 34 +-- 2017/15xxx/CVE-2017-15488.json | 34 +-- 2017/15xxx/CVE-2017-15498.json | 34 +-- 2017/15xxx/CVE-2017-15937.json | 120 ++++---- 2017/3xxx/CVE-2017-3855.json | 34 +-- 2017/8xxx/CVE-2017-8033.json | 120 ++++---- 2017/8xxx/CVE-2017-8384.json | 130 ++++----- 2017/8xxx/CVE-2017-8415.json | 34 +-- 2017/8xxx/CVE-2017-8528.json | 130 ++++----- 2018/12xxx/CVE-2018-12546.json | 34 +-- 2018/12xxx/CVE-2018-12829.json | 140 ++++----- 2018/12xxx/CVE-2018-12898.json | 34 +-- 2018/13xxx/CVE-2018-13112.json | 120 ++++---- 2018/13xxx/CVE-2018-13324.json | 120 ++++---- 2018/16xxx/CVE-2018-16420.json | 140 ++++----- 2018/16xxx/CVE-2018-16570.json | 34 +-- 2018/16xxx/CVE-2018-16903.json | 34 +-- 2018/17xxx/CVE-2018-17450.json | 34 +-- 2018/17xxx/CVE-2018-17787.json | 120 ++++---- 2018/4xxx/CVE-2018-4231.json | 34 +-- 2018/4xxx/CVE-2018-4396.json | 34 +-- 2018/4xxx/CVE-2018-4539.json | 34 +-- 2019/6xxx/CVE-2019-6702.json | 63 +++- 51 files changed, 3174 insertions(+), 3115 deletions(-) diff --git a/2004/0xxx/CVE-2004-0643.json b/2004/0xxx/CVE-2004-0643.json index cb817617d70..5bfd63a02f0 100644 --- a/2004/0xxx/CVE-2004-0643.json +++ b/2004/0xxx/CVE-2004-0643.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt" - }, - { - "name" : "TA04-247A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-247A.html" - }, - { - "name" : "VU#866472", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/866472" - }, - { - "name" : "CLA-2004:860", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860" - }, - { - "name" : "DSA-543", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-543" - }, - { - "name" : "GLSA-200409-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml" - }, - { - "name" : "RHSA-2004:350", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-350.html" - }, - { - "name" : "2004-0045", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0045/" - }, - { - "name" : "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109508872524753&w=2" - }, - { - "name" : "11078", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11078" - }, - { - "name" : "oval:org.mitre.oval:def:3322", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322" - }, - { - "name" : "oval:org.mitre.oval:def:10267", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267" - }, - { - "name" : "kerberos-krb5rdcred-double-free(17159)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17159" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2004:860", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860" + }, + { + "name": "kerberos-krb5rdcred-double-free(17159)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17159" + }, + { + "name": "oval:org.mitre.oval:def:3322", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3322" + }, + { + "name": "VU#866472", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/866472" + }, + { + "name": "oval:org.mitre.oval:def:10267", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10267" + }, + { + "name": "RHSA-2004:350", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-350.html" + }, + { + "name": "2004-0045", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0045/" + }, + { + "name": "DSA-543", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-543" + }, + { + "name": "TA04-247A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html" + }, + { + "name": "GLSA-200409-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml" + }, + { + "name": "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109508872524753&w=2" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt" + }, + { + "name": "11078", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11078" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0691.json b/2004/0xxx/CVE-2004-0691.json index d2d5e37f911..15b9dcd87b0 100644 --- a/2004/0xxx/CVE-2004-0691.json +++ b/2004/0xxx/CVE-2004-0691.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040818 CESA-2004-004: qt", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109295309008309&w=2" - }, - { - "name" : "DSA-542", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-542" - }, - { - "name" : "201610", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1" - }, - { - "name" : "SUSE-SA:2004:027", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_27_qt3.html" - }, - { - "name" : "RHSA-2004:414", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-414.html" - }, - { - "name" : "GLSA-200408-20", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200408-20.xml" - }, - { - "name" : "MDKSA-2004:085", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:085" - }, - { - "name" : "oval:org.mitre.oval:def:9485", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9485" - }, - { - "name" : "qt-bmp-bo(17040)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:9485", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9485" + }, + { + "name": "GLSA-200408-20", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200408-20.xml" + }, + { + "name": "SUSE-SA:2004:027", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_27_qt3.html" + }, + { + "name": "RHSA-2004:414", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-414.html" + }, + { + "name": "DSA-542", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-542" + }, + { + "name": "qt-bmp-bo(17040)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17040" + }, + { + "name": "201610", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1" + }, + { + "name": "20040818 CESA-2004-004: qt", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109295309008309&w=2" + }, + { + "name": "MDKSA-2004:085", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:085" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1481.json b/2004/1xxx/CVE-2004-1481.json index 44740d24f3d..efdf6d34766 100644 --- a/2004/1xxx/CVE-2004-1481.json +++ b/2004/1xxx/CVE-2004-1481.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=109708374115061&w=2" - }, - { - "name" : "http://www.service.real.com/help/faq/security/040928_player/EN/", - "refsource" : "CONFIRM", - "url" : "http://www.service.real.com/help/faq/security/040928_player/EN/" - }, - { - "name" : "11309", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11309" - }, - { - "name" : "12672", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12672" - }, - { - "name" : "realplayer-rm-code-execution(17549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11309", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11309" + }, + { + "name": "20041001 EEYE: RealPlayer pnen3260.dll Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=109708374115061&w=2" + }, + { + "name": "http://www.service.real.com/help/faq/security/040928_player/EN/", + "refsource": "CONFIRM", + "url": "http://www.service.real.com/help/faq/security/040928_player/EN/" + }, + { + "name": "12672", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12672" + }, + { + "name": "realplayer-rm-code-execution(17549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17549" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1774.json b/2004/1xxx/CVE-2004-1774.json index a0bf673c596..1a3083313d4 100644 --- a/2004/1xxx/CVE-2004-1774.json +++ b/2004/1xxx/CVE-2004-1774.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040902 [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/025984.html" - }, - { - "name" : "http://www.appsecinc.com/resources/alerts/oracle/2004-0001/", - "refsource" : "MISC", - "url" : "http://www.appsecinc.com/resources/alerts/oracle/2004-0001/" - }, - { - "name" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf" - }, - { - "name" : "http://www.securiteam.com/securitynews/5CP010KE0W.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5CP010KE0W.html" - }, - { - "name" : "http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php", - "refsource" : "MISC", - "url" : "http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php" - }, - { - "name" : "13145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13145" - }, - { - "name" : "oracle-mdsysmd2sdocodesize-bo(20078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.appsecinc.com/resources/alerts/oracle/2004-0001/", + "refsource": "MISC", + "url": "http://www.appsecinc.com/resources/alerts/oracle/2004-0001/" + }, + { + "name": "http://www.securiteam.com/securitynews/5CP010KE0W.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5CP010KE0W.html" + }, + { + "name": "20040902 [SHATTER Team Security Alert] Multiple vulnerabilities in Oracle Database Server", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/025984.html" + }, + { + "name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf" + }, + { + "name": "http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php", + "refsource": "MISC", + "url": "http://www.frsirt.com/exploits/20050413.OracleExploit.sql.php" + }, + { + "name": "13145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13145" + }, + { + "name": "oracle-mdsysmd2sdocodesize-bo(20078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20078" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1873.json b/2004/1xxx/CVE-2004-1873.json index 2c869325de3..5d6d572807a 100644 --- a/2004/1xxx/CVE-2004-1873.json +++ b/2004/1xxx/CVE-2004-1873.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1873", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1873", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108057887008983&w=2" - }, - { - "name" : "20061118 A-Cart 2.0 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452005/100/0/threaded" - }, - { - "name" : "20061114 A-Cart pro[ injection sql (post&get)]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/451594/100/100/threaded" - }, - { - "name" : "20061118 A-Cart PRO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452006/100/0/threaded" - }, - { - "name" : "20061118 Re: A-Cart PRO SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/452023/100/0/threaded" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=31", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=31" - }, - { - "name" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=27", - "refsource" : "MISC", - "url" : "http://s-a-p.ca/index.php?page=OurAdvisories&id=27" - }, - { - "name" : "http://www.aria-security.com/forum/showthread.php?t=32", - "refsource" : "MISC", - "url" : "http://www.aria-security.com/forum/showthread.php?t=32" - }, - { - "name" : "9997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9997" - }, - { - "name" : "11236", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11236" - }, - { - "name" : "acart-categoryasp-sql-injection(15661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108057887008983&w=2" + }, + { + "name": "20061118 Re: A-Cart PRO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452023/100/0/threaded" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=31", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=31" + }, + { + "name": "11236", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11236" + }, + { + "name": "20061118 A-Cart 2.0 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452005/100/0/threaded" + }, + { + "name": "20061114 A-Cart pro[ injection sql (post&get)]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/451594/100/100/threaded" + }, + { + "name": "9997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9997" + }, + { + "name": "20061118 A-Cart PRO SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/452006/100/0/threaded" + }, + { + "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=27", + "refsource": "MISC", + "url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=27" + }, + { + "name": "http://www.aria-security.com/forum/showthread.php?t=32", + "refsource": "MISC", + "url": "http://www.aria-security.com/forum/showthread.php?t=32" + }, + { + "name": "acart-categoryasp-sql-injection(15661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15661" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1972.json b/2004/1xxx/CVE-2004-1972.json index 85429d3b6bc..7eae0706532 100644 --- a/2004/1xxx/CVE-2004-1972.json +++ b/2004/1xxx/CVE-2004-1972.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1972", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1972", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040426 Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108308660628557&w=2" - }, - { - "name" : "10215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10215" - }, - { - "name" : "video-gallery-sql-injection(15979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "video-gallery-sql-injection(15979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15979" + }, + { + "name": "20040426 Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108308660628557&w=2" + }, + { + "name": "10215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10215" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2119.json b/2004/2xxx/CVE-2004-2119.json index e0be3d93b55..13445274ea9 100644 --- a/2004/2xxx/CVE-2004-2119.json +++ b/2004/2xxx/CVE-2004-2119.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040124 Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107496530806730&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt" - }, - { - "name" : "9485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9485" - }, - { - "name" : "3710", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3710" - }, - { - "name" : "10707", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10707" - }, - { - "name" : "tinyserver-xss(14929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3710", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3710" + }, + { + "name": "10707", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10707" + }, + { + "name": "20040124 Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107496530806730&w=2" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt" + }, + { + "name": "9485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9485" + }, + { + "name": "tinyserver-xss(14929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14929" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2243.json b/2004/2xxx/CVE-2004-2243.json index 71c6197b6ab..eb4e7fde2ce 100644 --- a/2004/2xxx/CVE-2004-2243.json +++ b/2004/2xxx/CVE-2004-2243.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040519 Ph0rum phorum_uriauth replay attack", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0999.html" - }, - { - "name" : "1010219", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010219" - }, - { - "name" : "phorum-session-hijack(16215)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phorum-session-hijack(16215)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16215" + }, + { + "name": "20040519 Ph0rum phorum_uriauth replay attack", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0999.html" + }, + { + "name": "1010219", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010219" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2253.json b/2004/2xxx/CVE-2004-2253.json index b390c094032..5f1517de326 100644 --- a/2004/2xxx/CVE-2004-2253.json +++ b/2004/2xxx/CVE-2004-2253.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt" - }, - { - "name" : "10103", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10103" - }, - { - "name" : "11343", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11343" - }, - { - "name" : "surgeldap-dotdot-directory-traversal(15851)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15851" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10103", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10103" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/SurgeLDAP%201.0g.txt" + }, + { + "name": "11343", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11343" + }, + { + "name": "surgeldap-dotdot-directory-traversal(15851)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15851" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2261.json b/2004/2xxx/CVE-2004-2261.json index 70ed0669a67..2a5a779d842 100644 --- a/2004/2xxx/CVE-2004-2261.json +++ b/2004/2xxx/CVE-2004-2261.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "10293", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10293" - }, - { - "name" : "5982", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5982" - }, - { - "name" : "1010084", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010084" - }, - { - "name" : "11567", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11567" - }, - { - "name" : "e107-news-submit-xss(16087)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the \"login name/author\" field in the (1) news submit or (2) article submit functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "e107-news-submit-xss(16087)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16087" + }, + { + "name": "5982", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5982" + }, + { + "name": "1010084", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010084" + }, + { + "name": "10293", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10293" + }, + { + "name": "11567", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11567" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2419.json b/2008/2xxx/CVE-2008-2419.json index 4bb428dbc4b..e20781cfaae 100644 --- a/2008/2xxx/CVE-2008-2419.json +++ b/2008/2xxx/CVE-2008-2419.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src=\"javascript:\"' sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.0x000000.com/?i=576", - "refsource" : "MISC", - "url" : "http://www.0x000000.com/?i=576" - }, - { - "name" : "29318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29318" - }, - { - "name" : "mozilla-firefox-jsframe-code-execution(42589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42589" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src=\"javascript:\"' sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mozilla-firefox-jsframe-code-execution(42589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42589" + }, + { + "name": "http://www.0x000000.com/?i=576", + "refsource": "MISC", + "url": "http://www.0x000000.com/?i=576" + }, + { + "name": "29318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29318" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2480.json b/2008/2xxx/CVE-2008-2480.json index e373bd6492c..2d1ac534b5b 100644 --- a/2008/2xxx/CVE-2008-2480.json +++ b/2008/2xxx/CVE-2008-2480.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5672", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5672" - }, - { - "name" : "29357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29357" - }, - { - "name" : "ADV-2008-1645", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1645/references" - }, - { - "name" : "30373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30373" - }, - { - "name" : "plusphp-plus-file-include(42623)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29357" + }, + { + "name": "plusphp-plus-file-include(42623)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42623" + }, + { + "name": "5672", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5672" + }, + { + "name": "30373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30373" + }, + { + "name": "ADV-2008-1645", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1645/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2528.json b/2008/2xxx/CVE-2008-2528.json index 95fdb2186f8..589be9bc91e 100644 --- a/2008/2xxx/CVE-2008-2528.json +++ b/2008/2xxx/CVE-2008-2528.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain \"access to network resources\" via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.citrix.com/article/CTX116930", - "refsource" : "CONFIRM", - "url" : "http://support.citrix.com/article/CTX116930" - }, - { - "name" : "29174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29174" - }, - { - "name" : "ADV-2008-1474", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1474/references" - }, - { - "name" : "1020025", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020025" - }, - { - "name" : "30175", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30175" - }, - { - "name" : "citrix-access-unspecified-auth-bypass(42356)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain \"access to network resources\" via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29174" + }, + { + "name": "http://support.citrix.com/article/CTX116930", + "refsource": "CONFIRM", + "url": "http://support.citrix.com/article/CTX116930" + }, + { + "name": "ADV-2008-1474", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1474/references" + }, + { + "name": "30175", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30175" + }, + { + "name": "1020025", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020025" + }, + { + "name": "citrix-access-unspecified-auth-bypass(42356)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42356" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2871.json b/2008/2xxx/CVE-2008-2871.json index dd5114ff5db..bd75eda01ab 100644 --- a/2008/2xxx/CVE-2008-2871.json +++ b/2008/2xxx/CVE-2008-2871.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2871", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2871", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "29865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29865" - }, - { - "name" : "pegames-template2-xss(43314)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in template2.php in PEGames allow remote attackers to inject arbitrary web script or HTML via the (1) sitetitle, (2) sitenav, (3) sitemain, and (4) sitealt parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29865" + }, + { + "name": "pegames-template2-xss(43314)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43314" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2956.json b/2008/2xxx/CVE-2008-2956.json index 3f91719aeae..51054909825 100644 --- a/2008/2xxx/CVE-2008-2956.json +++ b/2008/2xxx/CVE-2008-2956.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2956", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2956", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080806 rPSA-2008-0246-1 gaim", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495165/100/0/threaded" - }, - { - "name" : "http://crisp.cs.du.edu/?q=ca2007-1", - "refsource" : "MISC", - "url" : "http://crisp.cs.du.edu/?q=ca2007-1" - }, - { - "name" : "[oss-security] 20080627 CVE Request (pidgin)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/06/27/3" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2647", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2647" - }, - { - "name" : "29985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29985" - }, - { - "name" : "31387", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: \"I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29985" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0246" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2647", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2647" + }, + { + "name": "[oss-security] 20080627 CVE Request (pidgin)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/06/27/3" + }, + { + "name": "31387", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31387" + }, + { + "name": "http://crisp.cs.du.edu/?q=ca2007-1", + "refsource": "MISC", + "url": "http://crisp.cs.du.edu/?q=ca2007-1" + }, + { + "name": "20080806 rPSA-2008-0246-1 gaim", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495165/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3397.json b/2008/3xxx/CVE-2008-3397.json index 2a1f5ee2689..cce2c7b3fe3 100644 --- a/2008/3xxx/CVE-2008-3397.json +++ b/2008/3xxx/CVE-2008-3397.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7", - "refsource" : "MISC", - "url" : "http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7" - }, - { - "name" : "30416", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30416" - }, - { - "name" : "31218", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30416", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30416" + }, + { + "name": "31218", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31218" + }, + { + "name": "http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7", + "refsource": "MISC", + "url": "http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3866.json b/2008/3xxx/CVE-2008-3866.json index 05407be3031..cf5c0b99ff1 100644 --- a/2008/3xxx/CVE-2008-3866.json +++ b/2008/3xxx/CVE-2008-3866.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2008-3866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2008-43/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2008-43/" - }, - { - "name" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", - "refsource" : "MISC", - "url" : "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt" - }, - { - "name" : "33358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33358" - }, - { - "name" : "ADV-2009-0191", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0191" - }, - { - "name" : "1021616", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021616" - }, - { - "name" : "1021617", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021617" - }, - { - "name" : "31160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31160" - }, - { - "name" : "33609", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33609" - }, - { - "name" : "nsc-tmpfw-security-bypass(48108)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend Micro Network Security Component (NSC) modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which allows local users to bypass intended access restrictions and change firewall settings by using a modified client to send crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secunia.com/secunia_research/2008-43/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2008-43/" + }, + { + "name": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt", + "refsource": "MISC", + "url": "http://www.trendmicro.com/ftp/documentation/readme/OSCE8.0_SP1_Patch1_CriticalPatch_3191_Readme.txt" + }, + { + "name": "1021616", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021616" + }, + { + "name": "nsc-tmpfw-security-bypass(48108)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48108" + }, + { + "name": "1021617", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021617" + }, + { + "name": "33358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33358" + }, + { + "name": "ADV-2009-0191", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0191" + }, + { + "name": "33609", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33609" + }, + { + "name": "31160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31160" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6138.json b/2008/6xxx/CVE-2008-6138.json index 49c1e82a49b..9f1b406c2a1 100644 --- a/2008/6xxx/CVE-2008-6138.json +++ b/2008/6xxx/CVE-2008-6138.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6703", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6703" - }, - { - "name" : "31655", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31655" - }, - { - "name" : "modulescontroller-adminhead-file-include(45771)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45771" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6703", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6703" + }, + { + "name": "31655", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31655" + }, + { + "name": "modulescontroller-adminhead-file-include(45771)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45771" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6474.json b/2008/6xxx/CVE-2008-6474.json index dca6dbbc8ec..aca8c0b2da6 100644 --- a/2008/6xxx/CVE-2008-6474.json +++ b/2008/6xxx/CVE-2008-6474.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080405 F5 BIG-IP Management Interface Perl Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490496/100/0/threaded" - }, - { - "name" : "28639", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28639" - }, - { - "name" : "51116", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51116" - }, - { - "name" : "f5bigip-interface-code-execution(49308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51116", + "refsource": "OSVDB", + "url": "http://osvdb.org/51116" + }, + { + "name": "28639", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28639" + }, + { + "name": "20080405 F5 BIG-IP Management Interface Perl Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490496/100/0/threaded" + }, + { + "name": "f5bigip-interface-code-execution(49308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49308" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6810.json b/2008/6xxx/CVE-2008-6810.json index d5b888bf952..311ed9c1ecd 100644 --- a/2008/6xxx/CVE-2008-6810.json +++ b/2008/6xxx/CVE-2008-6810.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7263", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7263" - }, - { - "name" : "32430", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32430" - }, - { - "name" : "bookingcentre-index-sql-injection(46914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7263", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7263" + }, + { + "name": "32430", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32430" + }, + { + "name": "bookingcentre-index-sql-injection(46914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46914" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5079.json b/2012/5xxx/CVE-2012-5079.json index 97274c38963..6a165782ef7 100644 --- a/2012/5xxx/CVE-2012-5079.json +++ b/2012/5xxx/CVE-2012-5079.json @@ -1,257 +1,257 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1385", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1465", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2012:1490", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" - }, - { - "name" : "openSUSE-SU-2012:1423", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "SUSE-SU-2012:1489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" - }, - { - "name" : "56082", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56082" - }, - { - "name" : "oval:org.mitre.oval:def:16602", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16602" - }, - { - "name" : "51028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51028" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51313" - }, - { - "name" : "51315", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51315" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51328", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51328" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51393" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "51166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51166" - }, - { - "name" : "javaruntimeenvironment-lib-cve20125079(79433)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51313" + }, + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "51315", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51315" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "SUSE-SU-2012:1490", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "openSUSE-SU-2012:1423", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" + }, + { + "name": "javaruntimeenvironment-lib-cve20125079(79433)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79433" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "51166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51166" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" + }, + { + "name": "SUSE-SU-2012:1489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "RHSA-2012:1465", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html" + }, + { + "name": "56082", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56082" + }, + { + "name": "51328", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51328" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "51028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51028" + }, + { + "name": "oval:org.mitre.oval:def:16602", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16602" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "51393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51393" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "RHSA-2012:1385", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5504.json b/2012/5xxx/CVE-2012-5504.json index a62114deb99..10727dde24b 100644 --- a/2012/5xxx/CVE-2012-5504.json +++ b/2012/5xxx/CVE-2012-5504.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5504", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5504", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/20", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/20", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/20" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5749.json b/2012/5xxx/CVE-2012-5749.json index a0ae85925d3..5dc2f7fbbb4 100644 --- a/2012/5xxx/CVE-2012-5749.json +++ b/2012/5xxx/CVE-2012-5749.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5749", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5749", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5916.json b/2012/5xxx/CVE-2012-5916.json index 7455b69b6dc..4ab04e2f2f2 100644 --- a/2012/5xxx/CVE-2012-5916.json +++ b/2012/5xxx/CVE-2012-5916.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html" - }, - { - "name" : "seditio-multiple-information-disclosure(74464)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74464" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Neocrome Seditio build 161 allows remote attackers to obtain sensitive information via a direct request to (1) docs/new/seditio-createnew-160.sql, (2) docs/upgrade/sedito_convert_to_utf8.optional.sql, or (3) system/install/install.parser.sql." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111320/Seditio-Build-161-Cross-Site-Scripting-Information-Disclosure.html" + }, + { + "name": "seditio-multiple-information-disclosure(74464)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74464" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11468.json b/2017/11xxx/CVE-2017-11468.json index e4ec68d2978..92c51b08842 100644 --- a/2017/11xxx/CVE-2017-11468.json +++ b/2017/11xxx/CVE-2017-11468.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/docker/distribution/pull/2340", - "refsource" : "CONFIRM", - "url" : "https://github.com/docker/distribution/pull/2340" - }, - { - "name" : "https://github.com/docker/distribution/releases/tag/v2.6.2", - "refsource" : "CONFIRM", - "url" : "https://github.com/docker/distribution/releases/tag/v2.6.2" - }, - { - "name" : "RHSA-2017:2603", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2603", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2603" + }, + { + "name": "https://github.com/docker/distribution/releases/tag/v2.6.2", + "refsource": "CONFIRM", + "url": "https://github.com/docker/distribution/releases/tag/v2.6.2" + }, + { + "name": "https://github.com/docker/distribution/pull/2340", + "refsource": "CONFIRM", + "url": "https://github.com/docker/distribution/pull/2340" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11693.json b/2017/11xxx/CVE-2017-11693.json index 40f40afe636..758bef7a7d3 100644 --- a/2017/11xxx/CVE-2017-11693.json +++ b/2017/11xxx/CVE-2017-11693.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/71", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/71" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. PostgreSQL is used as the Document Management System database. The account name is dms. The password is hard-coded throughout the application, and is the same across all installations. Customers do not have the option to change passwords. The dms account for PostgreSQL has access to the database schema for Document Management System." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/71", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/71" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14415.json b/2017/14xxx/CVE-2017-14415.json index b53eb283506..ab82d97486e 100644 --- a/2017/14xxx/CVE-2017-14415.json +++ b/2017/14xxx/CVE-2017-14415.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14864.json b/2017/14xxx/CVE-2017-14864.json index 74e4df4774f..fe18a8b1a62 100644 --- a/2017/14xxx/CVE-2017-14864.json +++ b/2017/14xxx/CVE-2017-14864.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14864", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494467", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494467" - }, - { - "name" : "USN-3852-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3852-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Invalid memory address dereference was discovered in Exiv2::getULong in types.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3852-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3852-1/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494467" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15145.json b/2017/15xxx/CVE-2017-15145.json index 9edf198f377..0078e35ab8d 100644 --- a/2017/15xxx/CVE-2017-15145.json +++ b/2017/15xxx/CVE-2017-15145.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15145", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15145", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15488.json b/2017/15xxx/CVE-2017-15488.json index c70cd338756..b049a4e9bad 100644 --- a/2017/15xxx/CVE-2017-15488.json +++ b/2017/15xxx/CVE-2017-15488.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15488", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15488", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15498.json b/2017/15xxx/CVE-2017-15498.json index 5f47adcdd14..5c39d18da21 100644 --- a/2017/15xxx/CVE-2017-15498.json +++ b/2017/15xxx/CVE-2017-15498.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15498", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15937.json b/2017/15xxx/CVE-2017-15937.json index 8388d3f0515..90e54ab1ade 100644 --- a/2017/15xxx/CVE-2017-15937.json +++ b/2017/15xxx/CVE-2017-15937.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3855.json b/2017/3xxx/CVE-2017-3855.json index d53acfce3ce..544c54a6995 100644 --- a/2017/3xxx/CVE-2017-3855.json +++ b/2017/3xxx/CVE-2017-3855.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3855", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3855", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8033.json b/2017/8xxx/CVE-2017-8033.json index 3bd0f6768d7..784b7b2050f 100644 --- a/2017/8xxx/CVE-2017-8033.json +++ b/2017/8xxx/CVE-2017-8033.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268", - "version" : { - "version_data" : [ - { - "version_value" : "Cloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "API filesystem traversal vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268", + "version": { + "version_data": [ + { + "version_value": "Cloud Controller API CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.cloudfoundry.org/cve-2017-8033/", - "refsource" : "CONFIRM", - "url" : "https://www.cloudfoundry.org/cve-2017-8033/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer to escalate privileges by pushing a specially crafted application that can write arbitrary files to the Cloud Controller VM." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "API filesystem traversal vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudfoundry.org/cve-2017-8033/", + "refsource": "CONFIRM", + "url": "https://www.cloudfoundry.org/cve-2017-8033/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8384.json b/2017/8xxx/CVE-2017-8384.json index f1d1711f4ff..85a88fd6cb2 100644 --- a/2017/8xxx/CVE-2017-8384.json +++ b/2017/8xxx/CVE-2017-8384.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://craftcms.com/changelog#2-6-2976", - "refsource" : "CONFIRM", - "url" : "https://craftcms.com/changelog#2-6-2976" - }, - { - "name" : "https://twitter.com/CraftCMS/status/857743080224473088", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/CraftCMS/status/857743080224473088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://craftcms.com/changelog#2-6-2976", + "refsource": "CONFIRM", + "url": "https://craftcms.com/changelog#2-6-2976" + }, + { + "name": "https://twitter.com/CraftCMS/status/857743080224473088", + "refsource": "CONFIRM", + "url": "https://twitter.com/CraftCMS/status/857743080224473088" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8415.json b/2017/8xxx/CVE-2017-8415.json index 5cc53cd9222..6271638f3ad 100644 --- a/2017/8xxx/CVE-2017-8415.json +++ b/2017/8xxx/CVE-2017-8415.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8415", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8415", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8528.json b/2017/8xxx/CVE-2017-8528.json index e6e6cd41430..a75452e2ccd 100644 --- a/2017/8xxx/CVE-2017-8528.json +++ b/2017/8xxx/CVE-2017-8528.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8528", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Uniscribe", - "version" : { - "version_data" : [ - { - "version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0283." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8528", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Uniscribe", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528" - }, - { - "name" : "98949", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Uniscribe Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0283." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8528" + }, + { + "name": "98949", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98949" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12546.json b/2018/12xxx/CVE-2018-12546.json index 19ecbc00c78..e4f307cc250 100644 --- a/2018/12xxx/CVE-2018-12546.json +++ b/2018/12xxx/CVE-2018-12546.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12546", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12546", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12829.json b/2018/12xxx/CVE-2018-12829.json index 73db10ac2e4..2919b9fafca 100644 --- a/2018/12xxx/CVE-2018-12829.json +++ b/2018/12xxx/CVE-2018-12829.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12829", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Creative Cloud Desktop Application before 4.6.1", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Creative Cloud Desktop Application before 4.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "improper certificate validation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12829", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Creative Cloud Desktop Application before 4.6.1", + "version": { + "version_data": [ + { + "version_value": "Adobe Creative Cloud Desktop Application before 4.6.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html" - }, - { - "name" : "105158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105158" - }, - { - "name" : "1041600", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper certificate validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105158" + }, + { + "name": "1041600", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041600" + }, + { + "name": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/creative-cloud/apsb18-32.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12898.json b/2018/12xxx/CVE-2018-12898.json index 54fbc7bc6f0..64a665bbc0c 100644 --- a/2018/12xxx/CVE-2018-12898.json +++ b/2018/12xxx/CVE-2018-12898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13112.json b/2018/13xxx/CVE-2018-13112.json index 959a97dd9c9..7fbafe7e917 100644 --- a/2018/13xxx/CVE-2018-13112.json +++ b/2018/13xxx/CVE-2018-13112.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13112", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/appneta/tcpreplay/issues/477", - "refsource" : "MISC", - "url" : "https://github.com/appneta/tcpreplay/issues/477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "get_l2len in common/get.c in Tcpreplay 4.3.0 beta1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packets, as demonstrated by tcpprep." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/appneta/tcpreplay/issues/477", + "refsource": "MISC", + "url": "https://github.com/appneta/tcpreplay/issues/477" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13324.json b/2018/13xxx/CVE-2018-13324.json index 5bfc59d2ac9..77e39c41a3f 100644 --- a/2018/13xxx/CVE-2018-13324.json +++ b/2018/13xxx/CVE-2018-13324.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16420.json b/2018/16xxx/CVE-2018-16420.json index 4a50508e1a4..11711d261d1 100644 --- a/2018/16xxx/CVE-2018-16420.json +++ b/2018/16xxx/CVE-2018-16420.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16420", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16420", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d" - }, - { - "name" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-b36536074d13447fbbec061e0e64d15d" + }, + { + "name": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16570.json b/2018/16xxx/CVE-2018-16570.json index 689945cb4cc..2f5eec67fd9 100644 --- a/2018/16xxx/CVE-2018-16570.json +++ b/2018/16xxx/CVE-2018-16570.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16570", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16570", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16903.json b/2018/16xxx/CVE-2018-16903.json index 0d141ee6816..264b3b8ad36 100644 --- a/2018/16xxx/CVE-2018-16903.json +++ b/2018/16xxx/CVE-2018-16903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17450.json b/2018/17xxx/CVE-2018-17450.json index 429e6fa4401..1906ba4a740 100644 --- a/2018/17xxx/CVE-2018-17450.json +++ b/2018/17xxx/CVE-2018-17450.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17450", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17450", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17787.json b/2018/17xxx/CVE-2018-17787.json index b4966eb4966..4238b0f3cda 100644 --- a/2018/17xxx/CVE-2018-17787.json +++ b/2018/17xxx/CVE-2018-17787.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17787", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the \"system\" library function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17787", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xz.aliyun.com/t/2834", - "refsource" : "MISC", - "url" : "https://xz.aliyun.com/t/2834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the \"system\" library function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xz.aliyun.com/t/2834", + "refsource": "MISC", + "url": "https://xz.aliyun.com/t/2834" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4231.json b/2018/4xxx/CVE-2018-4231.json index 1f294bdfaa0..c507d42ed24 100644 --- a/2018/4xxx/CVE-2018-4231.json +++ b/2018/4xxx/CVE-2018-4231.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4231", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4231", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4396.json b/2018/4xxx/CVE-2018-4396.json index cbe8900f682..0544ae6fc40 100644 --- a/2018/4xxx/CVE-2018-4396.json +++ b/2018/4xxx/CVE-2018-4396.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4396", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4396", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4539.json b/2018/4xxx/CVE-2018-4539.json index 4c9b9ad7418..ce65c5e4e9e 100644 --- a/2018/4xxx/CVE-2018-4539.json +++ b/2018/4xxx/CVE-2018-4539.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6702.json b/2019/6xxx/CVE-2019-6702.json index 15477947017..36851f22194 100644 --- a/2019/6xxx/CVE-2019-6702.json +++ b/2019/6xxx/CVE-2019-6702.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6702", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151524/Qkr-With-MasterPass-Man-In-The-Middle.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151524/Qkr-With-MasterPass-Man-In-The-Middle.html" + }, + { + "refsource": "FULLDISC", + "name": "20190206 Qkr! with MasterPass iOS Application - MITM SSL Certificate Vulnerability (CVE-2019-6702)", + "url": "http://seclists.org/fulldisclosure/2019/Feb/21" + }, + { + "url": "https://seclists.org/bugtraq/2019/Feb/28", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2019/Feb/28" + }, + { + "refsource": "MISC", + "name": "https://www.info-sec.ca/advisories/Qkr-MasterCard.html", + "url": "https://www.info-sec.ca/advisories/Qkr-MasterCard.html" } ] }