From af082856bdf92c5068d7858bca36cb1f169af859 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:03:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/1xxx/CVE-2004-1351.json | 170 +++++++++--------- 2004/1xxx/CVE-2004-1498.json | 150 ++++++++-------- 2004/1xxx/CVE-2004-1696.json | 160 ++++++++--------- 2004/1xxx/CVE-2004-1802.json | 160 ++++++++--------- 2004/2xxx/CVE-2004-2167.json | 170 +++++++++--------- 2008/2xxx/CVE-2008-2649.json | 130 +++++++------- 2008/2xxx/CVE-2008-2667.json | 200 ++++++++++----------- 2008/2xxx/CVE-2008-2913.json | 150 ++++++++-------- 2008/2xxx/CVE-2008-2926.json | 200 ++++++++++----------- 2008/3xxx/CVE-2008-3068.json | 250 +++++++++++++------------- 2008/3xxx/CVE-2008-3139.json | 270 ++++++++++++++--------------- 2008/3xxx/CVE-2008-3669.json | 170 +++++++++--------- 2008/3xxx/CVE-2008-3779.json | 160 ++++++++--------- 2008/3xxx/CVE-2008-3909.json | 210 +++++++++++----------- 2008/6xxx/CVE-2008-6538.json | 140 +++++++-------- 2008/6xxx/CVE-2008-6845.json | 150 ++++++++-------- 2008/7xxx/CVE-2008-7048.json | 140 +++++++-------- 2013/2xxx/CVE-2013-2170.json | 34 ++-- 2013/2xxx/CVE-2013-2510.json | 34 ++-- 2013/2xxx/CVE-2013-2946.json | 34 ++-- 2017/11xxx/CVE-2017-11483.json | 34 ++-- 2017/11xxx/CVE-2017-11541.json | 180 +++++++++---------- 2017/11xxx/CVE-2017-11710.json | 34 ++-- 2017/11xxx/CVE-2017-11850.json | 142 +++++++-------- 2017/14xxx/CVE-2017-14035.json | 120 ++++++------- 2017/14xxx/CVE-2017-14704.json | 120 ++++++------- 2017/15xxx/CVE-2017-15117.json | 34 ++-- 2017/15xxx/CVE-2017-15210.json | 140 +++++++-------- 2017/15xxx/CVE-2017-15487.json | 34 ++-- 2017/8xxx/CVE-2017-8592.json | 152 ++++++++-------- 2017/8xxx/CVE-2017-8813.json | 34 ++-- 2018/1000xxx/CVE-2018-1000161.json | 126 +++++++------- 2018/12xxx/CVE-2018-12022.json | 34 ++-- 2018/12xxx/CVE-2018-12030.json | 130 +++++++------- 2018/12xxx/CVE-2018-12073.json | 120 ++++++------- 2018/12xxx/CVE-2018-12290.json | 120 ++++++------- 2018/12xxx/CVE-2018-12314.json | 120 ++++++------- 2018/12xxx/CVE-2018-12555.json | 34 ++-- 2018/12xxx/CVE-2018-12629.json | 34 ++-- 2018/13xxx/CVE-2018-13615.json | 130 +++++++------- 2018/13xxx/CVE-2018-13630.json | 130 +++++++------- 2018/16xxx/CVE-2018-16744.json | 120 ++++++------- 2018/16xxx/CVE-2018-16829.json | 34 ++-- 2018/16xxx/CVE-2018-16961.json | 34 ++-- 2018/16xxx/CVE-2018-16988.json | 34 ++-- 2018/4xxx/CVE-2018-4261.json | 34 ++-- 2018/4xxx/CVE-2018-4594.json | 34 ++-- 2018/4xxx/CVE-2018-4852.json | 138 +++++++-------- 2018/4xxx/CVE-2018-4911.json | 140 +++++++-------- 49 files changed, 2826 insertions(+), 2826 deletions(-) diff --git a/2004/1xxx/CVE-2004-1351.json b/2004/1xxx/CVE-2004-1351.json index b2a74765b16..5625a0591fb 100644 --- a/2004/1xxx/CVE-2004-1351.json +++ b/2004/1xxx/CVE-2004-1351.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57659", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1&searchclause=%22category:security%22%20%22availability,%20security%22" - }, - { - "name" : "ESB-2004.0759", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4597" - }, - { - "name" : "P-050", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-050.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:592", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A592" - }, - { - "name" : "solaris-inrwhod-command-execution(18385)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18385" - }, - { - "name" : "11840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:592", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A592" + }, + { + "name": "11840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11840" + }, + { + "name": "solaris-inrwhod-command-execution(18385)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18385" + }, + { + "name": "57659", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1&searchclause=%22category:security%22%20%22availability,%20security%22" + }, + { + "name": "P-050", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-050.shtml" + }, + { + "name": "ESB-2004.0759", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4597" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1498.json b/2004/1xxx/CVE-2004-1498.json index 1d12cca8591..5f808787a0e 100644 --- a/2004/1xxx/CVE-2004-1498.json +++ b/2004/1xxx/CVE-2004-1498.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109943858026542&w=2" - }, - { - "name" : "http://www.hat-squad.com/en/000077.html", - "refsource" : "MISC", - "url" : "http://www.hat-squad.com/en/000077.html" - }, - { - "name" : "11586", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11586" - }, - { - "name" : "13079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13079" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13079" + }, + { + "name": "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109943858026542&w=2" + }, + { + "name": "http://www.hat-squad.com/en/000077.html", + "refsource": "MISC", + "url": "http://www.hat-squad.com/en/000077.html" + }, + { + "name": "11586", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11586" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1696.json b/2004/1xxx/CVE-2004-1696.json index 57e0154966d..0901e26ed41 100644 --- a/2004/1xxx/CVE-2004-1696.json +++ b/2004/1xxx/CVE-2004-1696.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1696", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1696", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040921 Multiple Vulnerabilities In EmuLive Server4", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109577497718374&w=2" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00051-09202004", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00051-09202004" - }, - { - "name" : "11226", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11226" - }, - { - "name" : "12616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12616" - }, - { - "name" : "emulive-tcp-port-dos(17451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040921 Multiple Vulnerabilities In EmuLive Server4", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109577497718374&w=2" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00051-09202004", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00051-09202004" + }, + { + "name": "12616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12616" + }, + { + "name": "11226", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11226" + }, + { + "name": "emulive-tcp-port-dos(17451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17451" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1802.json b/2004/1xxx/CVE-2004-1802.json index 05afb4a5d2f..e08d3e04446 100644 --- a/2004/1xxx/CVE-2004-1802.json +++ b/2004/1xxx/CVE-2004-1802.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040309 Ghost users in Chat Anywhere 2.72", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107885946220895&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt" - }, - { - "name" : "http://www.lionmax.com/chatanywhere.htm", - "refsource" : "CONFIRM", - "url" : "http://www.lionmax.com/chatanywhere.htm" - }, - { - "name" : "9823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9823" - }, - { - "name" : "chat-anywhere-admin-bypass(15416)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chat-anywhere-admin-bypass(15416)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15416" + }, + { + "name": "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt" + }, + { + "name": "9823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9823" + }, + { + "name": "http://www.lionmax.com/chatanywhere.htm", + "refsource": "CONFIRM", + "url": "http://www.lionmax.com/chatanywhere.htm" + }, + { + "name": "20040309 Ghost users in Chat Anywhere 2.72", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107885946220895&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2167.json b/2004/2xxx/CVE-2004-2167.json index bac1d02fa6c..6f69cee1758 100644 --- a/2004/2xxx/CVE-2004-2167.json +++ b/2004/2xxx/CVE-2004-2167.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log", - "refsource" : "CONFIRM", - "url" : "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log" - }, - { - "name" : "11233", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11233" - }, - { - "name" : "10216", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=10216" - }, - { - "name" : "1011367", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Sep/1011367.html" - }, - { - "name" : "latex2rtf-expandmacro-bo(17460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17460" - }, - { - "name" : "latex2rtf-multiple-bo(17487)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011367", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Sep/1011367.html" + }, + { + "name": "latex2rtf-multiple-bo(17487)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17487" + }, + { + "name": "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log", + "refsource": "CONFIRM", + "url": "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log" + }, + { + "name": "11233", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11233" + }, + { + "name": "10216", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=10216" + }, + { + "name": "latex2rtf-expandmacro-bo(17460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17460" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2649.json b/2008/2xxx/CVE-2008-2649.json index 1d5d4c3eed1..dfcb0f51ffe 100644 --- a/2008/2xxx/CVE-2008-2649.json +++ b/2008/2xxx/CVE-2008-2649.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5715", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5715" - }, - { - "name" : "desktoponnet-apppath-file-include(42790)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5715", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5715" + }, + { + "name": "desktoponnet-apppath-file-include(42790)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42790" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2667.json b/2008/2xxx/CVE-2008-2667.json index 58007207d73..8ee53915e38 100644 --- a/2008/2xxx/CVE-2008-2667.json +++ b/2008/2xxx/CVE-2008-2667.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2667", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2667", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[courier-announce] 20080608 courier-authlib 0.60.6 released", - "refsource" : "MLIST", - "url" : "http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html" - }, - { - "name" : "[courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe]", - "refsource" : "MLIST", - "url" : "http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg31362.html" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=225407", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=225407" - }, - { - "name" : "http://www.courier-mta.org/authlib/changelog.html", - "refsource" : "CONFIRM", - "url" : "http://www.courier-mta.org/authlib/changelog.html" - }, - { - "name" : "GLSA-200809-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200809-05.xml" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "30591", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30591" - }, - { - "name" : "opensuse-unspecified-sql-injection(43628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[courier-announce] 20080608 courier-authlib 0.60.6 released", + "refsource": "MLIST", + "url": "http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html" + }, + { + "name": "30591", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30591" + }, + { + "name": "opensuse-unspecified-sql-injection(43628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43628" + }, + { + "name": "[courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe]", + "refsource": "MLIST", + "url": "http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg31362.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=225407", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=225407" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "http://www.courier-mta.org/authlib/changelog.html", + "refsource": "CONFIRM", + "url": "http://www.courier-mta.org/authlib/changelog.html" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "GLSA-200809-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200809-05.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2913.json b/2008/2xxx/CVE-2008-2913.json index 57a75e12c90..a93470a98e0 100644 --- a/2008/2xxx/CVE-2008-2913.json +++ b/2008/2xxx/CVE-2008-2913.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5822", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5822" - }, - { - "name" : "29728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29728" - }, - { - "name" : "30585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30585" - }, - { - "name" : "devalcms-currentfile-file-include(43116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30585" + }, + { + "name": "5822", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5822" + }, + { + "name": "29728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29728" + }, + { + "name": "devalcms-currentfile-file-include(43116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43116" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2926.json b/2008/2xxx/CVE-2008-2926.json index 69293faebbc..ca5b5375f9d 100644 --- a/2008/2xxx/CVE-2008-2926.json +++ b/2008/2xxx/CVE-2008-2926.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495397/100/0/threaded" - }, - { - "name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559" - }, - { - "name" : "30651", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30651" - }, - { - "name" : "ADV-2008-2339", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2339" - }, - { - "name" : "1020658", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020658" - }, - { - "name" : "1020659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020659" - }, - { - "name" : "1020660", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020660" - }, - { - "name" : "31434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31434" - }, - { - "name" : "ca-kmxfw-privilege-escalation(44392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2339", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2339" + }, + { + "name": "1020660", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020660" + }, + { + "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559" + }, + { + "name": "20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495397/100/0/threaded" + }, + { + "name": "31434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31434" + }, + { + "name": "1020658", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020658" + }, + { + "name": "30651", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30651" + }, + { + "name": "ca-kmxfw-privilege-escalation(44392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44392" + }, + { + "name": "1020659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020659" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3068.json b/2008/3xxx/CVE-2008-3068.json index fdfa109b228..8aaa50f4e47 100644 --- a/2008/3xxx/CVE-2008-3068.json +++ b/2008/3xxx/CVE-2008-3068.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080703 Unauthorized reading confirmation from Outlook", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493947/100/0/threaded" - }, - { - "name" : "20080709 Re: Unauthorized reading confirmation from Outlook", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494101/100/0/threaded" - }, - { - "name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt", - "refsource" : "MISC", - "url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt" - }, - { - "name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt", - "refsource" : "MISC", - "url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt" - }, - { - "name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt", - "refsource" : "MISC", - "url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt" - }, - { - "name" : "https://www.cynops.de/techzone/http_over_x509.html", - "refsource" : "MISC", - "url" : "https://www.cynops.de/techzone/http_over_x509.html" - }, - { - "name" : "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt", - "refsource" : "MISC", - "url" : "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt" - }, - { - "name" : "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt", - "refsource" : "MISC", - "url" : "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt" - }, - { - "name" : "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt", - "refsource" : "MISC", - "url" : "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt" - }, - { - "name" : "28548", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28548" - }, - { - "name" : "1019736", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019736" - }, - { - "name" : "1019738", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019738" - }, - { - "name" : "1019737", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019737" - }, - { - "name" : "3978", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt", + "refsource": "MISC", + "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt" + }, + { + "name": "3978", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3978" + }, + { + "name": "20080709 Re: Unauthorized reading confirmation from Outlook", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded" + }, + { + "name": "28548", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28548" + }, + { + "name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt", + "refsource": "MISC", + "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt" + }, + { + "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt", + "refsource": "MISC", + "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt" + }, + { + "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt", + "refsource": "MISC", + "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt" + }, + { + "name": "1019736", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019736" + }, + { + "name": "1019738", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019738" + }, + { + "name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt", + "refsource": "MISC", + "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt" + }, + { + "name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt", + "refsource": "MISC", + "url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt" + }, + { + "name": "1019737", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019737" + }, + { + "name": "https://www.cynops.de/techzone/http_over_x509.html", + "refsource": "MISC", + "url": "https://www.cynops.de/techzone/http_over_x509.html" + }, + { + "name": "20080703 Unauthorized reading confirmation from Outlook", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3139.json b/2008/3xxx/CVE-2008-3139.json index 29c88ea103f..fd64e6fb83a 100644 --- a/2008/3xxx/CVE-2008-3139.json +++ b/2008/3xxx/CVE-2008-3139.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3139", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080703 rPSA-2008-0212-1 tshark wireshark", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" - }, - { - "name" : "FEDORA-2008-6440", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" - }, - { - "name" : "GLSA-200808-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "30020", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30020" - }, - { - "name" : "oval:org.mitre.oval:def:14682", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14682" - }, - { - "name" : "1020404", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020404" - }, - { - "name" : "30886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30886" - }, - { - "name" : "30942", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30942" - }, - { - "name" : "31085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31085" - }, - { - "name" : "ADV-2008-1982", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1982/references" - }, - { - "name" : "31378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31378" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "wireshark-rtmpt-dos(43517)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43517" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30886" + }, + { + "name": "oval:org.mitre.oval:def:14682", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14682" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "wireshark-rtmpt-dos(43517)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43517" + }, + { + "name": "30942", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30942" + }, + { + "name": "FEDORA-2008-6440", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" + }, + { + "name": "ADV-2008-1982", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1982/references" + }, + { + "name": "31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html" + }, + { + "name": "GLSA-200808-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml" + }, + { + "name": "20080703 rPSA-2008-0212-1 tshark wireshark", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" + }, + { + "name": "30020", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30020" + }, + { + "name": "31378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31378" + }, + { + "name": "1020404", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020404" + }, + { + "name": "31085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31085" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3669.json b/2008/3xxx/CVE-2008-3669.json index ca62aaafda2..99f57545847 100644 --- a/2008/3xxx/CVE-2008-3669.json +++ b/2008/3xxx/CVE-2008-3669.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6165", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6165" - }, - { - "name" : "30445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30445" - }, - { - "name" : "ADV-2008-2256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2256/references" - }, - { - "name" : "31296", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31296" - }, - { - "name" : "4151", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4151" - }, - { - "name" : "reviewsopinions-comments-sql-injection(44100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6165", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6165" + }, + { + "name": "30445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30445" + }, + { + "name": "ADV-2008-2256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2256/references" + }, + { + "name": "4151", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4151" + }, + { + "name": "31296", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31296" + }, + { + "name": "reviewsopinions-comments-sql-injection(44100)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44100" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3779.json b/2008/3xxx/CVE-2008-3779.json index c00388e68fb..add343cafbd 100644 --- a/2008/3xxx/CVE-2008-3779.json +++ b/2008/3xxx/CVE-2008-3779.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6294", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6294" - }, - { - "name" : "30808", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30808" - }, - { - "name" : "31585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31585" - }, - { - "name" : "4184", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4184" - }, - { - "name" : "fivestar-index-xss(44637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31585" + }, + { + "name": "30808", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30808" + }, + { + "name": "fivestar-index-xss(44637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44637" + }, + { + "name": "6294", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6294" + }, + { + "name": "4184", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4184" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3909.json b/2008/3xxx/CVE-2008-3909.json index 1a043fb9287..02448e88e90 100644 --- a/2008/3xxx/CVE-2008-3909.json +++ b/2008/3xxx/CVE-2008-3909.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080903 django CSRF vuln", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/09/03/4" - }, - { - "name" : "http://www.djangoproject.com/weblog/2008/sep/02/security/", - "refsource" : "CONFIRM", - "url" : "http://www.djangoproject.com/weblog/2008/sep/02/security/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460966", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460966" - }, - { - "name" : "DSA-1640", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1640" - }, - { - "name" : "FEDORA-2008-7288", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html" - }, - { - "name" : "FEDORA-2008-7672", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html" - }, - { - "name" : "47906", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47906" - }, - { - "name" : "31961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31961" - }, - { - "name" : "ADV-2008-2533", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2533" - }, - { - "name" : "31837", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31837" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31837", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31837" + }, + { + "name": "http://www.djangoproject.com/weblog/2008/sep/02/security/", + "refsource": "CONFIRM", + "url": "http://www.djangoproject.com/weblog/2008/sep/02/security/" + }, + { + "name": "DSA-1640", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1640" + }, + { + "name": "FEDORA-2008-7288", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460966", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460966" + }, + { + "name": "ADV-2008-2533", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2533" + }, + { + "name": "31961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31961" + }, + { + "name": "[oss-security] 20080903 django CSRF vuln", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/09/03/4" + }, + { + "name": "FEDORA-2008-7672", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html" + }, + { + "name": "47906", + "refsource": "OSVDB", + "url": "http://osvdb.org/47906" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6538.json b/2008/6xxx/CVE-2008-6538.json index 4b7870f7016..bdc059409ef 100644 --- a/2008/6xxx/CVE-2008-6538.json +++ b/2008/6xxx/CVE-2008-6538.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5298", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5298" - }, - { - "name" : "28426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28426" - }, - { - "name" : "destar-publisher-security-bypass(41384)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "destar-publisher-security-bypass(41384)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41384" + }, + { + "name": "28426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28426" + }, + { + "name": "5298", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5298" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6845.json b/2008/6xxx/CVE-2008-6845.json index 013b70cb815..0ef5db9836b 100644 --- a/2008/6xxx/CVE-2008-6845.json +++ b/2008/6xxx/CVE-2008-6845.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081210 [IVIZ-08-011] ClamAV lzh unpacking segmentation fault", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499078/100/0/threaded" - }, - { - "name" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html" - }, - { - "name" : "32752", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32752" - }, - { - "name" : "51963", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081210 [IVIZ-08-011] ClamAV lzh unpacking segmentation fault", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499078/100/0/threaded" + }, + { + "name": "32752", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32752" + }, + { + "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html" + }, + { + "name": "51963", + "refsource": "OSVDB", + "url": "http://osvdb.org/51963" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7048.json b/2008/7xxx/CVE-2008-7048.json index af59c59bfe3..53c01634d8f 100644 --- a/2008/7xxx/CVE-2008-7048.json +++ b/2008/7xxx/CVE-2008-7048.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7048", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081120 NatterChat 1.12 txtUsername and txtRoomName XSS", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.html" - }, - { - "name" : "51985", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51985" - }, - { - "name" : "natterchat-register-xss(46768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081120 NatterChat 1.12 txtUsername and txtRoomName XSS", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.html" + }, + { + "name": "51985", + "refsource": "OSVDB", + "url": "http://osvdb.org/51985" + }, + { + "name": "natterchat-register-xss(46768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46768" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2170.json b/2013/2xxx/CVE-2013-2170.json index b5e17bfbc00..e035aa17421 100644 --- a/2013/2xxx/CVE-2013-2170.json +++ b/2013/2xxx/CVE-2013-2170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2170", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2013-2170", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2510.json b/2013/2xxx/CVE-2013-2510.json index 02e3a31f5fe..007db69d985 100644 --- a/2013/2xxx/CVE-2013-2510.json +++ b/2013/2xxx/CVE-2013-2510.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2510", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2510", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2946.json b/2013/2xxx/CVE-2013-2946.json index fc795a20d34..404e3eb3c37 100644 --- a/2013/2xxx/CVE-2013-2946.json +++ b/2013/2xxx/CVE-2013-2946.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11483.json b/2017/11xxx/CVE-2017-11483.json index fdc7a00a9e9..7acab85e694 100644 --- a/2017/11xxx/CVE-2017-11483.json +++ b/2017/11xxx/CVE-2017-11483.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11483", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11483", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11541.json b/2017/11xxx/CVE-2017-11541.json index e8f25ac3dd9..a24bc4e9eea 100644 --- a/2017/11xxx/CVE-2017-11541.json +++ b/2017/11xxx/CVE-2017-11541.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print", - "refsource" : "MISC", - "url" : "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "DSA-3971", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3971" - }, - { - "name" : "GLSA-201709-23", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-23" - }, - { - "name" : "RHEA-2018:0705", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHEA-2018:0705" - }, - { - "name" : "99941", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99941" - }, - { - "name" : "1039307", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201709-23", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-23" + }, + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "DSA-3971", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3971" + }, + { + "name": "1039307", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039307" + }, + { + "name": "99941", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99941" + }, + { + "name": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print", + "refsource": "MISC", + "url": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print" + }, + { + "name": "RHEA-2018:0705", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHEA-2018:0705" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11710.json b/2017/11xxx/CVE-2017-11710.json index f7edcd4fdd7..0a1ad558ed7 100644 --- a/2017/11xxx/CVE-2017-11710.json +++ b/2017/11xxx/CVE-2017-11710.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11710", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11710", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11850.json b/2017/11xxx/CVE-2017-11850.json index 5eb0c3d17c5..fb6117cd4a7 100644 --- a/2017/11xxx/CVE-2017-11850.json +++ b/2017/11xxx/CVE-2017-11850.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Graphics Component", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka \"Microsoft Graphics Component Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Graphics Component", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850" - }, - { - "name" : "101738", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101738" - }, - { - "name" : "1039782", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka \"Microsoft Graphics Component Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101738", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101738" + }, + { + "name": "1039782", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039782" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14035.json b/2017/14xxx/CVE-2017-14035.json index 157797d3643..ec327bff68b 100644 --- a/2017/14xxx/CVE-2017-14035.json +++ b/2017/14xxx/CVE-2017-14035.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14035", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CrushFTP 8.x before 8.2.0 has a serialization vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14035", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crushftp.com/version8.html", - "refsource" : "CONFIRM", - "url" : "https://crushftp.com/version8.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CrushFTP 8.x before 8.2.0 has a serialization vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crushftp.com/version8.html", + "refsource": "CONFIRM", + "url": "https://crushftp.com/version8.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14704.json b/2017/14xxx/CVE-2017-14704.json index f72197ba09b..093a6b09fc1 100644 --- a/2017/14xxx/CVE-2017-14704.json +++ b/2017/14xxx/CVE-2017-14704.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42773/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42773/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15117.json b/2017/15xxx/CVE-2017-15117.json index 65b3728eaf5..775802c25df 100644 --- a/2017/15xxx/CVE-2017-15117.json +++ b/2017/15xxx/CVE-2017-15117.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15117", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15117", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15210.json b/2017/15xxx/CVE-2017-15210.json index 76b246f217c..9b228ac9533 100644 --- a/2017/15xxx/CVE-2017-15210.json +++ b/2017/15xxx/CVE-2017-15210.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15487.json b/2017/15xxx/CVE-2017-15487.json index b5412423b27..466d21b2f9d 100644 --- a/2017/15xxx/CVE-2017-15487.json +++ b/2017/15xxx/CVE-2017-15487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15487", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15487", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8592.json b/2017/8xxx/CVE-2017-8592.json index b5a6cd1a796..43010a586e4 100644 --- a/2017/8xxx/CVE-2017-8592.json +++ b/2017/8xxx/CVE-2017-8592.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft browsers" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka \"Microsoft Browser Security Feature Bypass\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Microsoft browsers" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592" - }, - { - "name" : "99396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99396" - }, - { - "name" : "1038859", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038859" - }, - { - "name" : "1038860", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038860" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka \"Microsoft Browser Security Feature Bypass\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038860", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038860" + }, + { + "name": "1038859", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038859" + }, + { + "name": "99396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99396" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8813.json b/2017/8xxx/CVE-2017-8813.json index 87c5fc5386a..42f4aec6c09 100644 --- a/2017/8xxx/CVE-2017-8813.json +++ b/2017/8xxx/CVE-2017-8813.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8813", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8813", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000161.json b/2018/1000xxx/CVE-2018-1000161.json index a59ea288657..c2dc678bbed 100644 --- a/2018/1000xxx/CVE-2018-1000161.json +++ b/2018/1000xxx/CVE-2018-1000161.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-04-06T14:09:26.583532", - "DATE_REQUESTED" : "2018-03-27T14:18:58", - "ID" : "CVE-2018-1000161", - "REQUESTER" : "ocve@wolke7.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nmap", - "version" : { - "version_data" : [ - { - "version_value" : "6.49BETA6 through 7.60, up to and including SVN revision 37147" - } - ] - } - } - ] - }, - "vendor_name" : "nmap" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-04-06T14:09:26.583532", + "DATE_REQUESTED": "2018-03-27T14:18:58", + "ID": "CVE-2018-1000161", + "REQUESTER": "ocve@wolke7.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nmap.org/changelog.html", - "refsource" : "MISC", - "url" : "https://nmap.org/changelog.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nmap.org/changelog.html", + "refsource": "MISC", + "url": "https://nmap.org/changelog.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12022.json b/2018/12xxx/CVE-2018-12022.json index 48f6cdd74fc..cd8ded89d7d 100644 --- a/2018/12xxx/CVE-2018-12022.json +++ b/2018/12xxx/CVE-2018-12022.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12022", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12022", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12030.json b/2018/12xxx/CVE-2018-12030.json index 2b3c8b7a47d..b68dcf457d5 100644 --- a/2018/12xxx/CVE-2018-12030.json +++ b/2018/12xxx/CVE-2018-12030.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12030", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Chevereto Free before 1.0.13 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12030", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/", - "refsource" : "MISC", - "url" : "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/" - }, - { - "name" : "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70", - "refsource" : "CONFIRM", - "url" : "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Chevereto Free before 1.0.13 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/", + "refsource": "MISC", + "url": "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/" + }, + { + "name": "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70", + "refsource": "CONFIRM", + "url": "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12073.json b/2018/12xxx/CVE-2018-12073.json index 3277bd6329e..73dd38c3c68 100644 --- a/2018/12xxx/CVE-2018-12073.json +++ b/2018/12xxx/CVE-2018-12073.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def", - "refsource" : "MISC", - "url" : "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def", + "refsource": "MISC", + "url": "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12290.json b/2018/12xxx/CVE-2018-12290.json index e5a62fbc31f..755fe0b907b 100644 --- a/2018/12xxx/CVE-2018-12290.json +++ b/2018/12xxx/CVE-2018-12290.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12290", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Yii2-StateMachine extension v2.x.x for Yii2 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12290", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iwantacve.cn/index.php/archives/40/", - "refsource" : "MISC", - "url" : "http://www.iwantacve.cn/index.php/archives/40/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Yii2-StateMachine extension v2.x.x for Yii2 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iwantacve.cn/index.php/archives/40/", + "refsource": "MISC", + "url": "http://www.iwantacve.cn/index.php/archives/40/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12314.json b/2018/12xxx/CVE-2018-12314.json index 62dea211f2e..5c6d5fbfc2d 100644 --- a/2018/12xxx/CVE-2018-12314.json +++ b/2018/12xxx/CVE-2018-12314.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12314", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12314", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12555.json b/2018/12xxx/CVE-2018-12555.json index 141a2e164b2..634339587ef 100644 --- a/2018/12xxx/CVE-2018-12555.json +++ b/2018/12xxx/CVE-2018-12555.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12555", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12555", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12629.json b/2018/12xxx/CVE-2018-12629.json index 8e7c0d4b506..1f41166a39c 100644 --- a/2018/12xxx/CVE-2018-12629.json +++ b/2018/12xxx/CVE-2018-12629.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12629", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12629", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13615.json b/2018/13xxx/CVE-2018-13615.json index 25efcf346fe..2906da214ac 100644 --- a/2018/13xxx/CVE-2018-13615.json +++ b/2018/13xxx/CVE-2018-13615.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13630.json b/2018/13xxx/CVE-2018-13630.json index 3ba80b961ed..601a950f9a3 100644 --- a/2018/13xxx/CVE-2018-13630.json +++ b/2018/13xxx/CVE-2018-13630.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16744.json b/2018/16xxx/CVE-2018-16744.json index b857a9d44d4..849ea66930f 100644 --- a/2018/16xxx/CVE-2018-16744.json +++ b/2018/16xxx/CVE-2018-16744.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16829.json b/2018/16xxx/CVE-2018-16829.json index 6faeabaa96e..1e4bbbac0dc 100644 --- a/2018/16xxx/CVE-2018-16829.json +++ b/2018/16xxx/CVE-2018-16829.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16829", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16829", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16961.json b/2018/16xxx/CVE-2018-16961.json index fa63c68ce59..e2695940b1d 100644 --- a/2018/16xxx/CVE-2018-16961.json +++ b/2018/16xxx/CVE-2018-16961.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16961", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16961", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16988.json b/2018/16xxx/CVE-2018-16988.json index d7aa17fda1a..b095dfe7eb6 100644 --- a/2018/16xxx/CVE-2018-16988.json +++ b/2018/16xxx/CVE-2018-16988.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16988", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16988", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4261.json b/2018/4xxx/CVE-2018-4261.json index 489cd9ef6fb..952a4f63ca3 100644 --- a/2018/4xxx/CVE-2018-4261.json +++ b/2018/4xxx/CVE-2018-4261.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4261", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4261", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4594.json b/2018/4xxx/CVE-2018-4594.json index de94bf504b6..dea11161755 100644 --- a/2018/4xxx/CVE-2018-4594.json +++ b/2018/4xxx/CVE-2018-4594.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4594", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4594", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4852.json b/2018/4xxx/CVE-2018-4852.json index ae43aa24338..b5a8bf6e2fd 100644 --- a/2018/4xxx/CVE-2018-4852.json +++ b/2018/4xxx/CVE-2018-4852.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "DATE_PUBLIC" : "2018-07-03T00:00:00", - "ID" : "CVE-2018-4852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SICLOCK TC100, SICLOCK TC400", - "version" : { - "version_data" : [ - { - "version_value" : "SICLOCK TC100 : All versions" - }, - { - "version_value" : "SICLOCK TC400 : All versions" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-288: Authentication Bypass Using an Alternate Path or Channel" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "DATE_PUBLIC": "2018-07-03T00:00:00", + "ID": "CVE-2018-4852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SICLOCK TC100, SICLOCK TC400", + "version": { + "version_data": [ + { + "version_value": "SICLOCK TC100 : All versions" + }, + { + "version_value": "SICLOCK TC400 : All versions" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" - }, - { - "name" : "104672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104672" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4911.json b/2018/4xxx/CVE-2018-4911.json index a4b50dda086..6f97dbe09c2 100644 --- a/2018/4xxx/CVE-2018-4911.json +++ b/2018/4xxx/CVE-2018-4911.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4911", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4911", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102995" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102995" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file