From aa2d54b90514598532d87b8ec0b2983d1878f881 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:50:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0161.json | 140 +++++++++--------- 2004/0xxx/CVE-2004-0348.json | 150 +++++++++---------- 2004/0xxx/CVE-2004-0455.json | 140 +++++++++--------- 2004/1xxx/CVE-2004-1092.json | 150 +++++++++---------- 2004/1xxx/CVE-2004-1202.json | 160 ++++++++++---------- 2004/1xxx/CVE-2004-1506.json | 150 +++++++++---------- 2004/1xxx/CVE-2004-1772.json | 180 +++++++++++----------- 2004/2xxx/CVE-2004-2126.json | 130 ++++++++-------- 2008/2xxx/CVE-2008-2571.json | 160 ++++++++++---------- 2008/2xxx/CVE-2008-2679.json | 160 ++++++++++---------- 2008/2xxx/CVE-2008-2944.json | 140 +++++++++--------- 2008/3xxx/CVE-2008-3493.json | 140 +++++++++--------- 2008/3xxx/CVE-2008-3603.json | 150 +++++++++---------- 2008/3xxx/CVE-2008-3882.json | 150 +++++++++---------- 2008/3xxx/CVE-2008-3901.json | 120 +++++++-------- 2008/3xxx/CVE-2008-3925.json | 140 +++++++++--------- 2008/6xxx/CVE-2008-6111.json | 160 ++++++++++---------- 2008/6xxx/CVE-2008-6723.json | 160 ++++++++++---------- 2008/7xxx/CVE-2008-7133.json | 140 +++++++++--------- 2008/7xxx/CVE-2008-7239.json | 230 ++++++++++++++--------------- 2013/2xxx/CVE-2013-2697.json | 130 ++++++++-------- 2017/11xxx/CVE-2017-11100.json | 120 +++++++-------- 2017/11xxx/CVE-2017-11140.json | 150 +++++++++---------- 2017/11xxx/CVE-2017-11590.json | 120 +++++++-------- 2017/11xxx/CVE-2017-11606.json | 34 ++--- 2017/14xxx/CVE-2017-14166.json | 160 ++++++++++---------- 2017/14xxx/CVE-2017-14447.json | 122 +++++++-------- 2017/14xxx/CVE-2017-14622.json | 140 +++++++++--------- 2017/15xxx/CVE-2017-15122.json | 34 ++--- 2017/15xxx/CVE-2017-15443.json | 34 ++--- 2017/15xxx/CVE-2017-15688.json | 34 ++--- 2017/8xxx/CVE-2017-8844.json | 130 ++++++++-------- 2017/9xxx/CVE-2017-9060.json | 160 ++++++++++---------- 2018/1000xxx/CVE-2018-1000215.json | 126 ++++++++-------- 2018/1000xxx/CVE-2018-1000823.json | 136 ++++++++--------- 2018/12xxx/CVE-2018-12433.json | 120 +++++++-------- 2018/12xxx/CVE-2018-12986.json | 34 ++--- 2018/13xxx/CVE-2018-13140.json | 140 +++++++++--------- 2018/13xxx/CVE-2018-13291.json | 34 ++--- 2018/13xxx/CVE-2018-13364.json | 34 ++--- 2018/13xxx/CVE-2018-13517.json | 130 ++++++++-------- 2018/16xxx/CVE-2018-16311.json | 34 ++--- 2018/16xxx/CVE-2018-16473.json | 120 +++++++-------- 2018/16xxx/CVE-2018-16504.json | 34 ++--- 2018/16xxx/CVE-2018-16530.json | 34 ++--- 2018/16xxx/CVE-2018-16643.json | 150 +++++++++---------- 2018/16xxx/CVE-2018-16938.json | 34 ++--- 2018/4xxx/CVE-2018-4038.json | 122 +++++++-------- 2018/4xxx/CVE-2018-4315.json | 34 ++--- 2018/4xxx/CVE-2018-4747.json | 34 ++--- 2018/4xxx/CVE-2018-4941.json | 130 ++++++++-------- 51 files changed, 2949 insertions(+), 2949 deletions(-) diff --git a/2004/0xxx/CVE-2004-0161.json b/2004/0xxx/CVE-2004-0161.json index 15cd51b5bd6..348ddf588a5 100644 --- a/2004/0xxx/CVE-2004-0161.json +++ b/2004/0xxx/CVE-2004-0161.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109524928232568&w=2" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" - }, - { - "name" : "mime-tools-parameter-encoding(9274)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9274" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109524928232568&w=2" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" + }, + { + "name": "mime-tools-parameter-encoding(9274)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9274" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0348.json b/2004/0xxx/CVE-2004-0348.json index 75b01afe782..d8ca9c09f73 100644 --- a/2004/0xxx/CVE-2004-0348.json +++ b/2004/0xxx/CVE-2004-0348.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040303 Spider Sales shopping cart software multiple security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107833097705486&w=2" - }, - { - "name" : "http://www.s-quadra.com/advisories/Adv-20040303.txt", - "refsource" : "MISC", - "url" : "http://www.s-quadra.com/advisories/Adv-20040303.txt" - }, - { - "name" : "spidersales-userid-sql-injection(15371)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15371" - }, - { - "name" : "9799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040303 Spider Sales shopping cart software multiple security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107833097705486&w=2" + }, + { + "name": "spidersales-userid-sql-injection(15371)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15371" + }, + { + "name": "9799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9799" + }, + { + "name": "http://www.s-quadra.com/advisories/Adv-20040303.txt", + "refsource": "MISC", + "url": "http://www.s-quadra.com/advisories/Adv-20040303.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0455.json b/2004/0xxx/CVE-2004-0455.json index 47e42c8918d..0013cf1fcf1 100644 --- a/2004/0xxx/CVE-2004-0455.json +++ b/2004/0xxx/CVE-2004-0455.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-523", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-523" - }, - { - "name" : "wwwsql-cgi-command-execution(16455)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16455" - }, - { - "name" : "10577", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-523", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-523" + }, + { + "name": "10577", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10577" + }, + { + "name": "wwwsql-cgi-command-execution(16455)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16455" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1092.json b/2004/1xxx/CVE-2004-1092.json index ca80b159127..64501d50990 100644 --- a/2004/1xxx/CVE-2004-1092.json +++ b/2004/1xxx/CVE-2004-1092.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-639", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-639" - }, - { - "name" : "GLSA-200502-24", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml" - }, - { - "name" : "midnight-commander-memory-allocation(18904)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18904" - }, - { - "name" : "13863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13863/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13863/" + }, + { + "name": "DSA-639", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-639" + }, + { + "name": "GLSA-200502-24", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml" + }, + { + "name": "midnight-commander-memory-allocation(18904)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18904" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1202.json b/2004/1xxx/CVE-2004-1202.json index 0a8b7559003..b3970bf30a4 100644 --- a/2004/1xxx/CVE-2004-1202.json +++ b/2004/1xxx/CVE-2004-1202.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041126 phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110149207123510&w=2" - }, - { - "name" : "20041126 phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029499.html" - }, - { - "name" : "http://www.phpcms.de/download/index.en.html", - "refsource" : "CONFIRM", - "url" : "http://www.phpcms.de/download/index.en.html" - }, - { - "name" : "11765", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11765" - }, - { - "name" : "phpcms-parser-xss(18272)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041126 phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029499.html" + }, + { + "name": "phpcms-parser-xss(18272)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18272" + }, + { + "name": "http://www.phpcms.de/download/index.en.html", + "refsource": "CONFIRM", + "url": "http://www.phpcms.de/download/index.en.html" + }, + { + "name": "20041126 phpCMS <= 1.2.1 Xss Vulnerability, Information disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110149207123510&w=2" + }, + { + "name": "11765", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11765" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1506.json b/2004/1xxx/CVE-2004-1506.json index 5a2743d14ed..e3b4e95ab15 100644 --- a/2004/1xxx/CVE-2004-1506.json +++ b/2004/1xxx/CVE-2004-1506.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1506", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041109 Multiple Vulnerabilities in WebCalendar", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110011618724455&w=2" - }, - { - "name" : "11651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11651" - }, - { - "name" : "13164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13164" - }, - { - "name" : "webcalendar-img-src-xss(18026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041109 Multiple Vulnerabilities in WebCalendar", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110011618724455&w=2" + }, + { + "name": "11651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11651" + }, + { + "name": "webcalendar-img-src-xss(18026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18026" + }, + { + "name": "13164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13164" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1772.json b/2004/1xxx/CVE-2004-1772.json index d1734bc0b20..03b6e92e19d 100644 --- a/2004/1xxx/CVE-2004-1772.json +++ b/2004/1xxx/CVE-2004-1772.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040406 GNU Sharutils buffer overflow vulnerability.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/359639" - }, - { - "name" : "FLSA:2155", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2155" - }, - { - "name" : "RHSA-2005:377", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-377.html" - }, - { - "name" : "OpenPKG-SA-2004.011", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=108137386310299&w=2" - }, - { - "name" : "10066", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10066" - }, - { - "name" : "oval:org.mitre.oval:def:11722", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722" - }, - { - "name" : "sharutils-shar-bo(15759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "OpenPKG-SA-2004.011", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=108137386310299&w=2" + }, + { + "name": "FLSA:2155", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2155" + }, + { + "name": "oval:org.mitre.oval:def:11722", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722" + }, + { + "name": "10066", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10066" + }, + { + "name": "sharutils-shar-bo(15759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15759" + }, + { + "name": "20040406 GNU Sharutils buffer overflow vulnerability.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/359639" + }, + { + "name": "RHSA-2005:377", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-377.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2126.json b/2004/2xxx/CVE-2004-2126.json index 36bcc9767c4..9305de8e10f 100644 --- a/2004/2xxx/CVE-2004-2126.json +++ b/2004/2xxx/CVE-2004-2126.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107530966524193&w=2" - }, - { - "name" : "9513", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9513", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9513" + }, + { + "name": "20040128 SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107530966524193&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2571.json b/2008/2xxx/CVE-2008-2571.json index 1d11f2850a7..8067e254b75 100644 --- a/2008/2xxx/CVE-2008-2571.json +++ b/2008/2xxx/CVE-2008-2571.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a \"modify quota\" action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922" - }, - { - "name" : "http://www.limesurvey.org/content/view/102/1/lang,en/", - "refsource" : "CONFIRM", - "url" : "http://www.limesurvey.org/content/view/102/1/lang,en/" - }, - { - "name" : "29506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29506" - }, - { - "name" : "30495", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30495" - }, - { - "name" : "limesurvey-modifyquotaaction-csrf(42807)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a \"modify quota\" action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29506" + }, + { + "name": "30495", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30495" + }, + { + "name": "limesurvey-modifyquotaaction-csrf(42807)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42807" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922" + }, + { + "name": "http://www.limesurvey.org/content/view/102/1/lang,en/", + "refsource": "CONFIRM", + "url": "http://www.limesurvey.org/content/view/102/1/lang,en/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2679.json b/2008/2xxx/CVE-2008-2679.json index 6bc5dbfb4ad..3c8f361c1b9 100644 --- a/2008/2xxx/CVE-2008-2679.json +++ b/2008/2xxx/CVE-2008-2679.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5766", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5766" - }, - { - "name" : "http://bugreport.ir/index.php?/40", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/40" - }, - { - "name" : "29616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29616" - }, - { - "name" : "30583", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30583" - }, - { - "name" : "realm-kwrd-sql-injection(42952)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42952" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "realm-kwrd-sql-injection(42952)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42952" + }, + { + "name": "http://bugreport.ir/index.php?/40", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/40" + }, + { + "name": "5766", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5766" + }, + { + "name": "30583", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30583" + }, + { + "name": "29616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29616" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2944.json b/2008/2xxx/CVE-2008-2944.json index 6326525eadd..39dc92b93a3 100644 --- a/2008/2xxx/CVE-2008-2944.json +++ b/2008/2xxx/CVE-2008-2944.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2944", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2944", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=207002", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=207002" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=449359", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=449359" - }, - { - "name" : "linux-kernel-utrace-dos(43556)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43556" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-kernel-utrace-dos(43556)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43556" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=449359", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449359" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=207002", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=207002" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3493.json b/2008/3xxx/CVE-2008-3493.json index a6665fe77fc..e80f787f274 100644 --- a/2008/3xxx/CVE-2008-3493.json +++ b/2008/3xxx/CVE-2008-3493.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6181", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6181" - }, - { - "name" : "30499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30499" - }, - { - "name" : "realvnc-vncviewer-dos(44218)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44218" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6181", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6181" + }, + { + "name": "30499", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30499" + }, + { + "name": "realvnc-vncviewer-dos(44218)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44218" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3603.json b/2008/3xxx/CVE-2008-3603.json index 52091eaa8e4..821c7c2439c 100644 --- a/2008/3xxx/CVE-2008-3603.json +++ b/2008/3xxx/CVE-2008-3603.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6221", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6221" - }, - { - "name" : "30626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30626" - }, - { - "name" : "31421", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31421" - }, - { - "name" : "vacationrental-index-sql-injection(44375)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30626" + }, + { + "name": "vacationrental-index-sql-injection(44375)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44375" + }, + { + "name": "31421", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31421" + }, + { + "name": "6221", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6221" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3882.json b/2008/3xxx/CVE-2008-3882.json index 340c9fd8152..8549ca68517 100644 --- a/2008/3xxx/CVE-2008-3882.json +++ b/2008/3xxx/CVE-2008-3882.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified \"Command Injection\" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080826 ZoneMinder Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495745/100/0/threaded" - }, - { - "name" : "30843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30843" - }, - { - "name" : "31636", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31636" - }, - { - "name" : "zoneminder-htmlviewevents-command-execution(44728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified \"Command Injection\" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30843" + }, + { + "name": "zoneminder-htmlviewevents-command-execution(44728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44728" + }, + { + "name": "31636", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31636" + }, + { + "name": "20080826 ZoneMinder Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495745/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3901.json b/2008/3xxx/CVE-2008-3901.json index 1af80bf73b0..76e806d5465 100644 --- a/2008/3xxx/CVE-2008-3901.json +++ b/2008/3xxx/CVE-2008-3901.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3925.json b/2008/3xxx/CVE-2008-3925.json index ac15d666a81..65695cde67a 100644 --- a/2008/3xxx/CVE-2008-3925.json +++ b/2008/3xxx/CVE-2008-3925.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3925", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3925", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6313", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6313" - }, - { - "name" : "4220", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4220" - }, - { - "name" : "cmme-admin-csrf(44686)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4220", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4220" + }, + { + "name": "cmme-admin-csrf(44686)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44686" + }, + { + "name": "6313", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6313" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6111.json b/2008/6xxx/CVE-2008-6111.json index 6a69f2af291..f11d112fecf 100644 --- a/2008/6xxx/CVE-2008-6111.json +++ b/2008/6xxx/CVE-2008-6111.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7186", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7186" - }, - { - "name" : "32425", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32425" - }, - { - "name" : "32784", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32784" - }, - { - "name" : "ADV-2008-3247", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3247" - }, - { - "name" : "vlogsystem-note-sql-injection(46783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32425", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32425" + }, + { + "name": "ADV-2008-3247", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3247" + }, + { + "name": "7186", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7186" + }, + { + "name": "32784", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32784" + }, + { + "name": "vlogsystem-note-sql-injection(46783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46783" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6723.json b/2008/6xxx/CVE-2008-6723.json index d2a7e8fdb14..4b57f5264c1 100644 --- a/2008/6xxx/CVE-2008-6723.json +++ b/2008/6xxx/CVE-2008-6723.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7028", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7028" - }, - { - "name" : "32174", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32174" - }, - { - "name" : "49749", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49749" - }, - { - "name" : "32535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32535" - }, - { - "name" : "entertainmentportal-cookie-security-bypass(46422)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46422" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TurnkeyForms Entertainment Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLogged cookie to Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "entertainmentportal-cookie-security-bypass(46422)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46422" + }, + { + "name": "32535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32535" + }, + { + "name": "32174", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32174" + }, + { + "name": "49749", + "refsource": "OSVDB", + "url": "http://osvdb.org/49749" + }, + { + "name": "7028", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7028" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7133.json b/2008/7xxx/CVE-2008-7133.json index b73b183d102..830835eed69 100644 --- a/2008/7xxx/CVE-2008-7133.json +++ b/2008/7xxx/CVE-2008-7133.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28164.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28164.html" - }, - { - "name" : "28164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28164" - }, - { - "name" : "easyimagecatalogue-multiple-xss(41187)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41187" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php, and the d parameter to (4) describe.php and (5) addcomment.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28164.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28164.html" + }, + { + "name": "easyimagecatalogue-multiple-xss(41187)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41187" + }, + { + "name": "28164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28164" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7239.json b/2008/7xxx/CVE-2008-7239.json index 8ac03660495..86df2ebb45f 100644 --- a/2008/7xxx/CVE-2008-7239.json +++ b/2008/7xxx/CVE-2008-7239.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" - }, - { - "name" : "TA08-017A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" - }, - { - "name" : "27229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27229" - }, - { - "name" : "40285", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/40285" - }, - { - "name" : "40287", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/40287" - }, - { - "name" : "1019218", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1019218" - }, - { - "name" : "28518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28518" - }, - { - "name" : "28556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28556" - }, - { - "name" : "ADV-2008-0150", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0150" - }, - { - "name" : "ADV-2008-0180", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1019218", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1019218" + }, + { + "name": "27229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27229" + }, + { + "name": "TA08-017A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" + }, + { + "name": "40285", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/40285" + }, + { + "name": "ADV-2008-0150", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0150" + }, + { + "name": "ADV-2008-0180", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0180" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "40287", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/40287" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2" + }, + { + "name": "28556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28556" + }, + { + "name": "28518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28518" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2697.json b/2013/2xxx/CVE-2013-2697.json index 0a6f518ce5f..6e71679bcd7 100644 --- a/2013/2xxx/CVE-2013-2697.json +++ b/2013/2xxx/CVE-2013-2697.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2013-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/extend/plugins/wp-downloadmanager/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/wp-downloadmanager/changelog/" - }, - { - "name" : "52863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52863" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52863" + }, + { + "name": "http://wordpress.org/extend/plugins/wp-downloadmanager/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/wp-downloadmanager/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11100.json b/2017/11xxx/CVE-2017-11100.json index 7a39cb51f44..427a1b2b38c 100644 --- a/2017/11xxx/CVE-2017-11100.json +++ b/2017/11xxx/CVE-2017-11100.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matthiaskramm/swftools/issues/27", - "refsource" : "MISC", - "url" : "https://github.com/matthiaskramm/swftools/issues/27" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matthiaskramm/swftools/issues/27", + "refsource": "MISC", + "url": "https://github.com/matthiaskramm/swftools/issues/27" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11140.json b/2017/11xxx/CVE-2017-11140.json index c956c86b26e..9d6d6c61888 100644 --- a/2017/11xxx/CVE-2017-11140.json +++ b/2017/11xxx/CVE-2017-11140.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - }, - { - "name" : "99503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 creates a pixel cache before a successful read of a scanline, which allows remote attackers to cause a denial of service (resource consumption) via crafted JPEG files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a" + }, + { + "name": "99503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99503" + }, + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11590.json b/2017/11xxx/CVE-2017-11590.json index c355fe2de00..d2421605e2e 100644 --- a/2017/11xxx/CVE-2017-11590.json +++ b/2017/11xxx/CVE-2017-11590.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473167", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1473167" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1473167", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473167" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11606.json b/2017/11xxx/CVE-2017-11606.json index 27c8aa1130b..9dd258ff579 100644 --- a/2017/11xxx/CVE-2017-11606.json +++ b/2017/11xxx/CVE-2017-11606.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11606", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11606", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14166.json b/2017/14xxx/CVE-2017-14166.json index b761e337ca2..00cdd279e6c 100644 --- a/2017/14xxx/CVE-2017-14166.json +++ b/2017/14xxx/CVE-2017-14166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" - }, - { - "name" : "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", - "refsource" : "MISC", - "url" : "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" - }, - { - "name" : "DSA-4360", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4360" - }, - { - "name" : "USN-3736-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3736-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/06/libarchive-heap-based-buffer-overflow-in-xml_data-archive_read_support_format_xar-c/" + }, + { + "name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html" + }, + { + "name": "DSA-4360", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4360" + }, + { + "name": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71", + "refsource": "MISC", + "url": "https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71" + }, + { + "name": "USN-3736-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3736-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14447.json b/2017/14xxx/CVE-2017-14447.json index 6d0deb9d850..22992a289be 100644 --- a/2017/14xxx/CVE-2017-14447.json +++ b/2017/14xxx/CVE-2017-14447.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-06-19T00:00:00", - "ID" : "CVE-2017-14447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Insteon", - "version" : { - "version_data" : [ - { - "version_value" : "Insteon Hub 2245-222 - Firmware version 1012" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-06-19T00:00:00", + "ID": "CVE-2017-14447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Insteon", + "version": { + "version_data": [ + { + "version_value": "Insteon Hub 2245-222 - Firmware version 1012" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14622.json b/2017/14xxx/CVE-2017-14622.json index 96ce71f849d..c699f7bcbb7 100644 --- a/2017/14xxx/CVE-2017-14622.json +++ b/2017/14xxx/CVE-2017-14622.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html" - }, - { - "name" : "https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers" - }, - { - "name" : "101050", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101050" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101050", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101050" + }, + { + "name": "https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html" + }, + { + "name": "https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15122.json b/2017/15xxx/CVE-2017-15122.json index ea84116cc54..5c8669d45ac 100644 --- a/2017/15xxx/CVE-2017-15122.json +++ b/2017/15xxx/CVE-2017-15122.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15122", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15122", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15443.json b/2017/15xxx/CVE-2017-15443.json index 47cfb75f1a0..38b7caed560 100644 --- a/2017/15xxx/CVE-2017-15443.json +++ b/2017/15xxx/CVE-2017-15443.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15443", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15443", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15688.json b/2017/15xxx/CVE-2017-15688.json index 8a8bb04ab98..f69d46d4031 100644 --- a/2017/15xxx/CVE-2017-15688.json +++ b/2017/15xxx/CVE-2017-15688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8844.json b/2017/8xxx/CVE-2017-8844.json index f05742e5277..1ac4b873fc1 100644 --- a/2017/8xxx/CVE-2017-8844.json +++ b/2017/8xxx/CVE-2017-8844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/" - }, - { - "name" : "https://github.com/ckolivas/lrzip/issues/70", - "refsource" : "MISC", - "url" : "https://github.com/ckolivas/lrzip/issues/70" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ckolivas/lrzip/issues/70", + "refsource": "MISC", + "url": "https://github.com/ckolivas/lrzip/issues/70" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9060.json b/2017/9xxx/CVE-2017-9060.json index b8bc2fbb5aa..0a2c88716a2 100644 --- a/2017/9xxx/CVE-2017-9060.json +++ b/2017/9xxx/CVE-2017-9060.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of \"VIRTIO_GPU_CMD_SET_SCANOUT:\" commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170519 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/05/19/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1452597", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1452597" - }, - { - "name" : "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d", - "refsource" : "CONFIRM", - "url" : "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d" - }, - { - "name" : "GLSA-201706-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-03" - }, - { - "name" : "98632", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the virtio_gpu_set_scanout function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (memory consumption) via a large number of \"VIRTIO_GPU_CMD_SET_SCANOUT:\" commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-03" + }, + { + "name": "98632", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98632" + }, + { + "name": "[oss-security] 20170519 CVE-2017-9060 Qemu: virtio-gpu: host memory leakage in Virtio GPU device", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/05/19/1" + }, + { + "name": "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d", + "refsource": "CONFIRM", + "url": "http://git.qemu.org/?p=qemu.git;a=commit;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452597" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000215.json b/2018/1000xxx/CVE-2018-1000215.json index d3094edcb5d..80f6b4d4b16 100644 --- a/2018/1000xxx/CVE-2018-1000215.json +++ b/2018/1000xxx/CVE-2018-1000215.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-02T16:41:53.505150", - "DATE_REQUESTED" : "2018-07-23T16:30:00", - "ID" : "CVE-2018-1000215", - "REQUESTER" : "secure@veritas.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "cJSON", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.6 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Dave Gamble" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-772" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-02T16:41:53.505150", + "DATE_REQUESTED": "2018-07-23T16:30:00", + "ID": "CVE-2018-1000215", + "REQUESTER": "secure@veritas.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/DaveGamble/cJSON/issues/267", - "refsource" : "CONFIRM", - "url" : "https://github.com/DaveGamble/cJSON/issues/267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/DaveGamble/cJSON/issues/267", + "refsource": "CONFIRM", + "url": "https://github.com/DaveGamble/cJSON/issues/267" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000823.json b/2018/1000xxx/CVE-2018-1000823.json index 232c6a22f18..87396f3632c 100644 --- a/2018/1000xxx/CVE-2018-1000823.json +++ b/2018/1000xxx/CVE-2018-1000823.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.461361", - "DATE_REQUESTED" : "2018-10-28T03:43:03", - "ID" : "CVE-2018-1000823", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "exist", - "version" : { - "version_data" : [ - { - "version_value" : "<= 5.0.0-RC4" - } - ] - } - } - ] - }, - "vendor_name" : "exist" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.461361", + "DATE_REQUESTED": "2018-10-28T03:43:03", + "ID": "CVE-2018-1000823", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/10/27/exist-XXE/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/10/27/exist-XXE/" - }, - { - "name" : "https://github.com/eXist-db/exist/issues/2180", - "refsource" : "MISC", - "url" : "https://github.com/eXist-db/exist/issues/2180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0dd.zone/2018/10/27/exist-XXE/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/10/27/exist-XXE/" + }, + { + "name": "https://github.com/eXist-db/exist/issues/2180", + "refsource": "MISC", + "url": "https://github.com/eXist-db/exist/issues/2180" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12433.json b/2018/12xxx/CVE-2018-12433.json index 23c57ebcf2f..9d71be2fa70 100644 --- a/2018/12xxx/CVE-2018-12433.json +++ b/2018/12xxx/CVE-2018-12433.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", - "refsource" : "MISC", - "url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/", + "refsource": "MISC", + "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12986.json b/2018/12xxx/CVE-2018-12986.json index 81f76741e69..6c57e1640f6 100644 --- a/2018/12xxx/CVE-2018-12986.json +++ b/2018/12xxx/CVE-2018-12986.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12986", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12986", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13140.json b/2018/13xxx/CVE-2018-13140.json index e0ee8df4cae..154fefb3961 100644 --- a/2018/13xxx/CVE-2018-13140.json +++ b/2018/13xxx/CVE-2018-13140.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Sep/38" - }, - { - "name" : "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html" - }, - { - "name" : "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2018-09-21-cve-2018-13140-antidote-remote-code-execution-against-the-update-component/" + }, + { + "name": "20180921 [CVE-2018-13140] Antidote Remote Code Execution against the update component", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Sep/38" + }, + { + "name": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/149468/Antidote-9.5.1-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13291.json b/2018/13xxx/CVE-2018-13291.json index 3ef6fabea81..a19eca0176b 100644 --- a/2018/13xxx/CVE-2018-13291.json +++ b/2018/13xxx/CVE-2018-13291.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13291", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13291", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13364.json b/2018/13xxx/CVE-2018-13364.json index 9ec9c8b4a01..048b96d6fe0 100644 --- a/2018/13xxx/CVE-2018-13364.json +++ b/2018/13xxx/CVE-2018-13364.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13364", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13364", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13517.json b/2018/13xxx/CVE-2018-13517.json index c254065b32c..6bb66a3268d 100644 --- a/2018/13xxx/CVE-2018-13517.json +++ b/2018/13xxx/CVE-2018-13517.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/C3_TokenCreate", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/C3_TokenCreate" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for C3 Token (C3), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/C3_TokenCreate", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/C3_TokenCreate" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16311.json b/2018/16xxx/CVE-2018-16311.json index b3a45e0c3e0..944cff5e354 100644 --- a/2018/16xxx/CVE-2018-16311.json +++ b/2018/16xxx/CVE-2018-16311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16311", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16311", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16473.json b/2018/16xxx/CVE-2018-16473.json index 3ae69ed11dc..c7b9cb16470 100644 --- a/2018/16xxx/CVE-2018-16473.json +++ b/2018/16xxx/CVE-2018-16473.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "takeapeek", - "version" : { - "version_data" : [ - { - "version_value" : "<=0.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "npm" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "takeapeek", + "version": { + "version_data": [ + { + "version_value": "<=0.2.2" + } + ] + } + } + ] + }, + "vendor_name": "npm" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/403736", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/403736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/403736", + "refsource": "MISC", + "url": "https://hackerone.com/reports/403736" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16504.json b/2018/16xxx/CVE-2018-16504.json index 513c5aefff4..d2ceff20411 100644 --- a/2018/16xxx/CVE-2018-16504.json +++ b/2018/16xxx/CVE-2018-16504.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16504", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16504", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16530.json b/2018/16xxx/CVE-2018-16530.json index 375bd89e9d8..472e83b0ba3 100644 --- a/2018/16xxx/CVE-2018-16530.json +++ b/2018/16xxx/CVE-2018-16530.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16530", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16530", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16643.json b/2018/16xxx/CVE-2018-16643.json index 8b157858790..ba1c6bcf309 100644 --- a/2018/16xxx/CVE-2018-16643.json +++ b/2018/16xxx/CVE-2018-16643.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16643", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1199", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1199" - }, - { - "name" : "USN-3785-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3785-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1199", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1199" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/commit/6b6bff054d569a77973f2140c0e86366e6168a6c" + }, + { + "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html" + }, + { + "name": "USN-3785-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3785-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16938.json b/2018/16xxx/CVE-2018-16938.json index 7c45cbd1abb..ac451194596 100644 --- a/2018/16xxx/CVE-2018-16938.json +++ b/2018/16xxx/CVE-2018-16938.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16938", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16938", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4038.json b/2018/4xxx/CVE-2018-4038.json index d3c8d6b2f66..2194037134d 100644 --- a/2018/4xxx/CVE-2018-4038.json +++ b/2018/4xxx/CVE-2018-4038.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-11-20T00:00:00", - "ID" : "CVE-2018-4038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Atlantis Word Processor", - "version" : { - "version_data" : [ - { - "version_value" : "Atlantis Word Processor 3.2.7.1, 3.2.7.2" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-11-20T00:00:00", + "ID": "CVE-2018-4038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Atlantis Word Processor", + "version": { + "version_data": [ + { + "version_value": "Atlantis Word Processor 3.2.7.1, 3.2.7.2" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0711" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4315.json b/2018/4xxx/CVE-2018-4315.json index f306e04d0cc..ebe9360c66f 100644 --- a/2018/4xxx/CVE-2018-4315.json +++ b/2018/4xxx/CVE-2018-4315.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4315", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4315", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4747.json b/2018/4xxx/CVE-2018-4747.json index 9e8c609514d..fc5aa783cf5 100644 --- a/2018/4xxx/CVE-2018-4747.json +++ b/2018/4xxx/CVE-2018-4747.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4747", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4747", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4941.json b/2018/4xxx/CVE-2018-4941.json index dfa15b6b472..a0e7de4b4dd 100644 --- a/2018/4xxx/CVE-2018-4941.json +++ b/2018/4xxx/CVE-2018-4941.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" - }, - { - "name" : "103718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103718" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-14.html" + }, + { + "name": "103718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103718" + } + ] + } +} \ No newline at end of file