diff --git a/2004/0xxx/CVE-2004-0086.json b/2004/0xxx/CVE-2004-0086.json
index 1dafb81b3e4..c89050e4674 100644
--- a/2004/0xxx/CVE-2004-0086.json
+++ b/2004/0xxx/CVE-2004-0086.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-01-26", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" - }, - { - "name" : "9504", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-01-26", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" + }, + { + "name": "9504", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9504" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0127.json b/2004/0xxx/CVE-2004-0127.json index 60fce06c8f9..42496930d1b 100644 --- a/2004/0xxx/CVE-2004-0127.json +++ b/2004/0xxx/CVE-2004-0127.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0127", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/352355" - }, - { - "name" : "9529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9529" - }, - { - "name" : "3768", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=3768" - }, - { - "name" : "1008892", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008892" - }, - { - "name" : "10753", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10753/" - }, - { - "name" : "phpgedview-editconfig-directory-traversal(15129)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3768", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=3768" + }, + { + "name": "9529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9529" + }, + { + "name": "1008892", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008892" + }, + { + "name": "20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/352355" + }, + { + "name": "10753", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10753/" + }, + { + "name": "phpgedview-editconfig-directory-traversal(15129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15129" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0515.json b/2004/0xxx/CVE-2004-0515.json index 6e6a1795d9c..bdc0d6f20c8 100644 --- a/2004/0xxx/CVE-2004-0515.json +++ b/2004/0xxx/CVE-2004-0515.json 
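Review bot: The `reference_data` array in this hunk is re-emitted in an order that does not appear to follow any key: the new side lists OSVDB, BID, SECTRACK, BUGTRAQ, SECUNIA, XF where the old side had BUGTRAQ, BID, OSVDB, SECTRACK, SECUNIA, XF, with no entry added or removed. Consumers that diff CVE records to spot newly attached advisories or exploit references will see every entry as changed. If the serializer controls the order, a stable sort on `refsource` then `name` would keep later diffs limited to real reference changes. The same reshuffle is present in the hunks for CVE-2004-0515, CVE-2004-0752, CVE-2004-1049, CVE-2004-1844, CVE-2008-2286 and CVE-2008-2368.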
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to \"handling of console log files.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-05-28", - "refsource" : "APPLE", - "url" : "http://lists.seifried.org/pipermail/security/2004-May/003743.html" - }, - { - "name" : "10432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10432" - }, - { - "name" : "1010330", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010330" - }, - { - "name" : "macosx-loginwindow-gain-privileges(16289)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16289" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to \"handling of console log files.\"" + } + ] + }, + "problemtype": { + 
"problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "macosx-loginwindow-gain-privileges(16289)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16289" + }, + { + "name": "APPLE-SA-2004-05-28", + "refsource": "APPLE", + "url": "http://lists.seifried.org/pipermail/security/2004-May/003743.html" + }, + { + "name": "10432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10432" + }, + { + "name": "1010330", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010330" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0752.json b/2004/0xxx/CVE-2004-0752.json index 1f0c4de39c5..283e0784166 100644 --- a/2004/0xxx/CVE-2004-0752.json +++ b/2004/0xxx/CVE-2004-0752.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0752", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109483308421566&w=2" - }, - { - "name" : "http://www.openoffice.org/issues/show_bug.cgi?id=33357", - "refsource" : "CONFIRM", - "url" : "http://www.openoffice.org/issues/show_bug.cgi?id=33357" - }, - { - "name" : "RHSA-2004:446", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-446.html" - }, - { - "name" : "11151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11151" - }, - { - "name" : "9804", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9804" - }, - { - "name" : "oval:org.mitre.oval:def:10294", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294" - }, - { - "name" : "1011205", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011205" - }, - { - "name" : "12302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12302/" - }, - { - "name" : "12546", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12546/" - }, - { - "name" : "12668", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12668/" - }, - { - "name" : "12914", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12914/" - }, - { - "name" : "12932", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12932/" - }, - { - "name" : "openofficeorg-tmpfile-insecure-permissions(17312)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11151" + }, + { + "name": "12302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12302/" + }, + { + "name": "9804", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9804" + }, + { + "name": "12546", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12546/" + }, + { + "name": "RHSA-2004:446", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-446.html" + }, + { + "name": "12668", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12668/" + }, + { + "name": "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109483308421566&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10294", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294" + }, + { + "name": "http://www.openoffice.org/issues/show_bug.cgi?id=33357", + "refsource": "CONFIRM", + "url": "http://www.openoffice.org/issues/show_bug.cgi?id=33357" + }, + { + "name": "12914", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12914/" + }, + { + "name": "12932", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12932/" + }, + { + "name": "openofficeorg-tmpfile-insecure-permissions(17312)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312" + }, + { + "name": "1011205", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011205" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1049.json b/2004/1xxx/CVE-2004-1049.json index 9b2dfac8174..d8d386ef334 100644 --- a/2004/1xxx/CVE-2004-1049.json 
+++ b/2004/1xxx/CVE-2004-1049.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the \"Cursor and Icon Format Handling Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 Microsoft Windows LoadImage API Integer Buffer overflow ", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382891718076&w=2" - }, - { - "name" : "http://www.xfocus.net/flashsky/icoExp/index.html", - "refsource" : "MISC", - "url" : "http://www.xfocus.net/flashsky/icoExp/index.html" - }, - { - "name" : "MS05-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002" - }, - { - "name" : "TA05-012A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-012A.html" - }, - { - "name" : "VU#625856", - "refsource" : 
"CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/625856" - }, - { - "name" : "P-094", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-094.shtml" - }, - { - "name" : "12095", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12095" - }, - { - "name" : "12623", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12623" - }, - { - "name" : "oval:org.mitre.oval:def:2956", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956" - }, - { - "name" : "oval:org.mitre.oval:def:3097", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097" - }, - { - "name" : "oval:org.mitre.oval:def:3220", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220" - }, - { - "name" : "oval:org.mitre.oval:def:3355", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355" - }, - { - "name" : "oval:org.mitre.oval:def:4671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671" - }, - { - "name" : "1012684", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012684" - }, - { - "name" : "13645", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13645" - }, - { - "name" : "win-loadimage-bo(18668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which 
leads to a buffer overflow, aka the \"Cursor and Icon Format Handling Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13645", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13645" + }, + { + "name": "oval:org.mitre.oval:def:3220", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3220" + }, + { + "name": "oval:org.mitre.oval:def:3097", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3097" + }, + { + "name": "MS05-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002" + }, + { + "name": "oval:org.mitre.oval:def:2956", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2956" + }, + { + "refsource": "BUGTRAQ", + "name": "20041223 Microsoft Windows LoadImage API Integer Buffer overflow", + "url": "http://marc.info/?l=bugtraq&m=110382891718076&w=2" + }, + { + "name": "1012684", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012684" + }, + { + "name": "win-loadimage-bo(18668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18668" + }, + { + "name": "P-094", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-094.shtml" + }, + { + "name": "oval:org.mitre.oval:def:3355", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3355" + }, + { + "name": "12095", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12095" + }, + { + "name": "http://www.xfocus.net/flashsky/icoExp/index.html", + "refsource": "MISC", + "url": "http://www.xfocus.net/flashsky/icoExp/index.html" + }, 
+ { + "name": "TA05-012A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-012A.html" + }, + { + "name": "oval:org.mitre.oval:def:4671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4671" + }, + { + "name": "12623", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12623" + }, + { + "name": "VU#625856", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/625856" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1844.json b/2004/1xxx/CVE-2004-1844.json index 5786bde1305..7f842cde42e 100644 --- a/2004/1xxx/CVE-2004-1844.json +++ b/2004/1xxx/CVE-2004-1844.json 
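Review bot: The BUGTRAQ entry in `reference_data` is the only one written with `"refsource"` ahead of `"name"`, and its `name` value also loses the trailing space it had on the old side, so this hunk carries a value edit inside what otherwise reads as a spacing and ordering pass. Key order has no meaning in JSON, but the mismatch suggests this entry went through a different code path than its neighbours; that is an inference from the output, not something the hunk shows. Emitting every reference as `name`, `refsource`, `url` and recording value normalisation as a separate change would keep such edits auditable.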
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040322 Vulnerabilities in Member Management System 2.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107999697625786&w=2" - }, - { - "name" : "9932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9932" - }, - { - "name" : "1009508", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009508" - }, - { - "name" : "11179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11179" - }, - { - "name" : "mms-xss(15552)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040322 Vulnerabilities in Member Management System 2.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107999697625786&w=2" + }, + { + "name": "11179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11179" + }, + { + "name": "9932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9932" + }, + { + "name": "mms-xss(15552)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15552" + }, + { + "name": "1009508", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009508" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2286.json b/2008/2xxx/CVE-2008-2286.json index a2fa4df8509..baa585b74ba 100644 --- a/2008/2xxx/CVE-2008-2286.json +++ b/2008/2xxx/CVE-2008-2286.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492127/100/0/threaded" - }, - { - "name" : "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492229/100/0/threaded" - }, - { - "name" : "29552", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/29552" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-024/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-024/" - }, - { - "name" : 
"http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" - }, - { - "name" : "HPSBMA02369", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" - }, - { - "name" : "SSRT080115", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" - }, - { - "name" : "29198", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29198" - }, - { - "name" : "45313", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/show/osvdb/45313" - }, - { - "name" : "1020024", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020024" - }, - { - "name" : "ADV-2008-1542", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1542/references" - }, - { - "name" : "30261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30261" - }, - { - "name" : "symantec-altiris-axengine-sql-injection(42436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29198", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29198" + }, + { + "name": "symantec-altiris-axengine-sql-injection(42436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42436" + }, + { + "name": "ADV-2008-1542", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1542/references" + }, + { + "name": "SSRT080115", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-024/" + }, + { + "name": "HPSBMA02369", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2" + }, + { + "name": "20080515 ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492127/100/0/threaded" + }, + { + "name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" + }, + { + "name": "29552", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/29552" + }, + { + "name": "20080518 Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492229/100/0/threaded" + }, + { + "name": "45313", + "refsource": "OSVDB", + "url": "http://osvdb.org/show/osvdb/45313" + }, + { + "name": "1020024", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020024" + }, + { + "name": "30261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30261" + } + ] + } +} \ No 
newline at end of file diff --git a/2008/2xxx/CVE-2008-2368.json b/2008/2xxx/CVE-2008-2368.json index 8442086c85f..207ed81615d 100644 --- a/2008/2xxx/CVE-2008-2368.json +++ b/2008/2xxx/CVE-2008-2368.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2368", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2368", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=452000", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=452000" - }, - { - "name" : "RHSA-2009:0006", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0006.html" - }, - { - "name" : "RHSA-2009:0007", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2009-0007.html" - }, - { - "name" : "33288", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33288" - }, - { - "name" : "ADV-2009-0145", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0145" - }, - { - "name" : 
"1021608", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021608" - }, - { - "name" : "33540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33540" - }, - { - "name" : "redhat-cs-debuglog-info-disclosure(48022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by reading the files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33540" + }, + { + "name": "ADV-2009-0145", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0145" + }, + { + "name": "33288", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33288" + }, + { + "name": "1021608", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021608" + }, + { + "name": "RHSA-2009:0006", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0006.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=452000", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452000" + }, + { + "name": "RHSA-2009:0007", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2009-0007.html" + }, + { + "name": "redhat-cs-debuglog-info-disclosure(48022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48022" + } + ] + } +} \ No newline at end of 
file diff --git a/2008/2xxx/CVE-2008-2645.json b/2008/2xxx/CVE-2008-2645.json index 8bcd95662a5..48a1e46694b 100644 --- a/2008/2xxx/CVE-2008-2645.json +++ b/2008/2xxx/CVE-2008-2645.json 
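Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2008-2368.json hunk, which otherwise only normalises colon spacing and indentation and reorders the `reference_data` entries, so a change to the record's provenance is easy to miss. The CVE-2008-3004.json hunk does the same, with the value becoming `secure@microsoft.com`. Anything that keys trust, routing or deduplication on the assigner should confirm these reassignments against the CNA of record, and landing them separately from the formatting pass would keep them auditable. The new side also ends with `\ No newline at end of file` where the old side carried no such marker, so the trailing newline is dropped here and in the other hunks on this page; keeping it, and emitting `reference_data` in a stable order, would avoid churn in later diffs.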
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5722", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5722" - }, - { - "name" : "29469", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29469" - }, - { - "name" : "ADV-2008-1718", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1718/references" - }, - { - "name" : "booby-renderer-file-include(42784)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42784" - } - ] - } -} 
+ } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1718", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1718/references" + }, + { + "name": "5722", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5722" + }, + { + "name": "booby-renderer-file-include(42784)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42784" + }, + { + "name": "29469", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29469" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3004.json b/2008/3xxx/CVE-2008-3004.json index a8e8a133d0c..77523264e24 100644 --- a/2008/3xxx/CVE-2008-3004.json +++ b/2008/3xxx/CVE-2008-3004.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Indexing Validation Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-3004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740" - }, - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043" - 
}, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30638" - }, - { - "name" : "oval:org.mitre.oval:def:5885", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5885" - }, - { - "name" : "ADV-2008-2347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2347" - }, - { - "name" : "1020670", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020670" - }, - { - "name" : "31454", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31454" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the \"Excel Indexing Validation Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020670", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020670" + }, + { + "name": "oval:org.mitre.oval:def:5885", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5885" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "SSRT080117", + 
"refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "MS08-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-043" + }, + { + "name": "20080812 Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=740" + }, + { + "name": "31454", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31454" + }, + { + "name": "30638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30638" + }, + { + "name": "ADV-2008-2347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2347" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3219.json b/2008/3xxx/CVE-2008-3219.json index 0de7885e2c9..281a9809a23 100644 --- a/2008/3xxx/CVE-2008-3219.json +++ b/2008/3xxx/CVE-2008-3219.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not \"prevent use of the object HTML tag in administrator input,\" which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/10/3" - }, - { - "name" : "http://drupal.org/node/280571", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/280571" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=454849", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=454849" - }, - { - "name" : "FEDORA-2008-6411", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html" - }, - { - "name" : 
"FEDORA-2008-6415", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html" - }, - { - "name" : "FEDORA-2008-6916", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html" - }, - { - "name" : "30168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30168" - }, - { - "name" : "31079", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31079" - }, - { - "name" : "openid-unspecified-xss(43701)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not \"prevent use of the object HTML tag in administrator input,\" which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30168" + }, + { + "name": "http://drupal.org/node/280571", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/280571" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=454849", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=454849" + }, + { + "name": "FEDORA-2008-6916", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html" + }, + { + "name": "31079", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31079" + }, + { + "name": "FEDORA-2008-6415", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html" + }, + { + "name": "[oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/10/3" + }, + { + "name": "FEDORA-2008-6411", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html" + }, + { + "name": "openid-unspecified-xss(43701)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43701" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3492.json b/2008/3xxx/CVE-2008-3492.json index 477e45e0bb1..cbf1db780c4 100644 --- a/2008/3xxx/CVE-2008-3492.json +++ b/2008/3xxx/CVE-2008-3492.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080802 Server termination in America's Army 2.8.3.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495061/100/0/threaded" - }, - { - "name" : "http://aluigi.altervista.org/adv/armynchia-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/armynchia-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/armynchia.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/armynchia.zip" - }, - { - "name" : "30519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30519" - }, - { - "name" : "31353", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31353" - }, - { - "name" : "americasarmy-type4-dos(44152)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44152" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted UDP packet, probably involving a VoiceIndex value that is outside of the range specified by VOICE_MAX_CHATTERS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31353" + }, + { + "name": "americasarmy-type4-dos(44152)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44152" + }, + { + "name": "20080802 Server termination in America's Army 2.8.3.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495061/100/0/threaded" + }, + { + "name": "http://aluigi.altervista.org/adv/armynchia-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/armynchia-adv.txt" + }, + { + "name": "http://aluigi.org/poc/armynchia.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/armynchia.zip" + }, + { + "name": "30519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30519" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3756.json b/2008/3xxx/CVE-2008-3756.json index 253845cb051..76fabb242db 100644 --- a/2008/3xxx/CVE-2008-3756.json +++ b/2008/3xxx/CVE-2008-3756.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6941", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6941" - }, - { - "name" : "http://packetstormsecurity.org/0808-exploits/viral-sql.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0808-exploits/viral-sql.txt" - }, - { - "name" : "30764", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30764" - }, - { - "name" : "ADV-2008-2984", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2984" - }, - { - "name" : "31541", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31541" - }, - { - "name" : "viralmarketing-tr-sql-injection(44562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44562" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "viralmarketing-tr-sql-injection(44562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44562" + }, + { + "name": "30764", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30764" + }, + { + "name": "6941", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6941" + }, + { + "name": "31541", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31541" + }, + { + "name": "ADV-2008-2984", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2984" + }, + { + "name": "http://packetstormsecurity.org/0808-exploits/viral-sql.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0808-exploits/viral-sql.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3898.json b/2008/3xxx/CVE-2008-3898.json index bc73bbc7223..4fece36ceaf 100644 --- a/2008/3xxx/CVE-2008-3898.json +++ b/2008/3xxx/CVE-2008-3898.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080825 [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495803/100/0/threaded" - }, - { - "name" : "http://www.ivizsecurity.com/preboot-patch.html", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/preboot-patch.html" - }, - { - "name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", - "refsource" : "MISC", - "url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" - }, - { - "name" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html", - "refsource" : 
"MISC", - "url" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html" - }, - { - "name" : "30818", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30818" - }, - { - "name" : "31605", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31605" - }, - { - "name" : "4213", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4213" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31605", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31605" + }, + { + "name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html" + }, + { + "name": "30818", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30818" + }, + { + "name": "http://www.ivizsecurity.com/preboot-patch.html", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/preboot-patch.html" + }, + { + "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", + "refsource": "MISC", + "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" + }, + { + "name": "20080825 [IVIZ-08-007] DriveCrypt Security Model bypass exploiting wrong BIOS API usage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495803/100/0/threaded" + }, + { + "name": "4213", + 
"refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4213" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4346.json b/2008/4xxx/CVE-2008-4346.json index 9326c23c966..59b02f50f85 100644 --- a/2008/4xxx/CVE-2008-4346.json +++ b/2008/4xxx/CVE-2008-4346.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6451" - }, - { - "name" : "31164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31164" - }, - { - "name" : "ADV-2008-2565", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2565" - }, - { - "name" : "31879", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31879" - }, - { - "name" : "4267", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4267" - }, - { - "name" : "talkback-comments-file-include(45102)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45102" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to comments.php, a different vector than CVE-2008-3371." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6451" + }, + { + "name": "talkback-comments-file-include(45102)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45102" + }, + { + "name": "ADV-2008-2565", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2565" + }, + { + "name": "4267", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4267" + }, + { + "name": "31879", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31879" + }, + { + "name": "31164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31164" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6019.json b/2008/6xxx/CVE-2008-6019.json index 1c76ab8d6fd..24d92b96912 100644 --- a/2008/6xxx/CVE-2008-6019.json +++ b/2008/6xxx/CVE-2008-6019.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32906" - }, - { - "name" : "docms-index-sql-injection(47467)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "docms-index-sql-injection(47467)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47467" + }, + { + "name": "32906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32906" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6076.json b/2008/6xxx/CVE-2008-6076.json index 7209f606876..4cc81d5d7bb 100644 --- a/2008/6xxx/CVE-2008-6076.json +++ b/2008/6xxx/CVE-2008-6076.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6802", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6802" - }, - { - "name" : "31870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31870" - }, - { - "name" : "dailymessage-id-sql-injection(46033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6802", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6802" + }, + { + "name": "31870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31870" + }, + { + "name": "dailymessage-id-sql-injection(46033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46033" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6391.json b/2008/6xxx/CVE-2008-6391.json index e4585244406..08fa3e6f40f 100644 --- a/2008/6xxx/CVE-2008-6391.json +++ b/2008/6xxx/CVE-2008-6391.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "jbook-unspecified-sql-injection(47033)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "jbook-unspecified-sql-injection(47033)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6785.json b/2008/6xxx/CVE-2008-6785.json index 297ba76519b..94edef0ab93 100644 --- a/2008/6xxx/CVE-2008-6785.json +++ b/2008/6xxx/CVE-2008-6785.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7509", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7509" - }, - { - "name" : "minifilehost-name-file-upload(47460)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47460" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an 
unspecified directory, as demonstrated by creating a name.php file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7509", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7509" + }, + { + "name": "minifilehost-name-file-upload(47460)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47460" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7092.json b/2008/7xxx/CVE-2008-7092.json index 8e2a3a88227..2f0faf75bc2 100644 --- a/2008/7xxx/CVE-2008-7092.json +++ b/2008/7xxx/CVE-2008-7092.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.portcullis.co.uk/286.php", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/286.php" - }, - { - "name" : "http://www.portcullis.co.uk/288.php", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/288.php" - }, - { - "name" : "http://www.portcullis.co.uk/289.php", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/289.php" - }, - { - "name" : "http://www.portcullis.co.uk/290.php", - "refsource" : "MISC", - "url" : "http://www.portcullis.co.uk/290.php" - }, - { - "name" : "30433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30433" - }, - { - "name" : "47520", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47520" - }, - { - "name" : "47521", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47521" - }, - { - "name" : "47522", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47522" - }, - { - "name" : "47523", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47523" - }, - { - "name" : "47524", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47524" - }, - { - "name" : "47525", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47525" - }, - { - "name" : "47526", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47526" - }, - { - "name" : "47528", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47528" - }, - { - "name" : "47530", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/47530" - }, - { - "name" : 
"31280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31280" - }, - { - "name" : "affiniumcampaign-campaignlistener-xss(44073)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44073" - }, - { - "name" : "affiniumcampaign-displayicon-xss(44072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44072" - }, - { - "name" : "affiniumcampaign-multiple-xss(44074)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not properly handled when displaying the status log; and (6) id parameter to Campaign/campaignDetails.do, (7) id parameter to Campaign/offerDetails.do, (8) function parameter to Campaign/Campaign, (9) sessionID parameter to Campaign/runAllFlowchart.do, (10) id parameter in an edit action to Campaign/updateOfferTemplatePage.do, (11) Frame parameter in a LoadFrame action to Campaign/Campaign, (12) affiniumUserName parameter to manager/jsp/test.jsp, (13) affiniumUserName parameter to Campaign/main.do, and possibly other vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "affiniumcampaign-campaignlistener-xss(44073)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44073" + }, + { + "name": "47528", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47528" + }, + { + "name": "31280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31280" + }, + { + "name": "47524", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47524" + }, + { + "name": "30433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30433" + }, + { + "name": "47520", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47520" + }, + { + "name": "47523", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47523" + }, + { + "name": "47526", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47526" + }, + { + "name": "affiniumcampaign-multiple-xss(44074)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44074" + }, + { + "name": "47530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47530" + }, + { + "name": "http://www.portcullis.co.uk/289.php", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/289.php" + }, + { + "name": "47522", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47522" + }, + { + "name": "http://www.portcullis.co.uk/290.php", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/290.php" + }, + { + "name": "47525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/47525" + }, + { + "name": "http://www.portcullis.co.uk/286.php", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/286.php" + }, + { + "name": "affiniumcampaign-displayicon-xss(44072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44072" + }, + { + "name": "47521", + "refsource": "OSVDB", + "url": 
"http://www.osvdb.org/47521" + }, + { + "name": "http://www.portcullis.co.uk/288.php", + "refsource": "MISC", + "url": "http://www.portcullis.co.uk/288.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7170.json b/2008/7xxx/CVE-2008-7170.json index e4cdb1a4566..e0b053c48de 100644 --- a/2008/7xxx/CVE-2008-7170.json +++ b/2008/7xxx/CVE-2008-7170.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080614 GSC Privilege Escalation Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493355/100/0/threaded" - }, - { - "name" : "29718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29718" - }, - { - "name" : "gsc-admin-security-bypass(43120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted 
packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29718" + }, + { + "name": "gsc-admin-security-bypass(43120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43120" + }, + { + "name": "20080614 GSC Privilege Escalation Exploit", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493355/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2459.json b/2013/2xxx/CVE-2013-2459.json index be021b318c0..509a2f79955 100644 --- a/2013/2xxx/CVE-2013-2459.json +++ b/2013/2xxx/CVE-2013-2459.json 
@@ -1,217 +1,217 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2459", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2459", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86", - "refsource" : "MISC", - "url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - 
{ - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975121", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975121" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://advisories.mageia.org/MGASA-2013-0185.html", - "refsource" : "CONFIRM", - "url" : "http://advisories.mageia.org/MGASA-2013-0185.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02922", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "SSRT101305", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "MDVSA-2013:183", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1081", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" 
: "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1293", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "SUSE-SU-2013:1263", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" - }, - { - "name" : "SUSE-SU-2013:1264", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60647", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60647" - }, - { - "name" : "oval:org.mitre.oval:def:17181", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17181" - }, - { - "name" : "oval:org.mitre.oval:def:19310", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19310" - }, - { - "name" : "oval:org.mitre.oval:def:19587", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19587" - }, - { - "name" : "oval:org.mitre.oval:def:19741", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19741" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to \"integer overflow checks.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1264", + 
"refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "oval:org.mitre.oval:def:17181", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17181" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "oval:org.mitre.oval:def:19587", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19587" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "SSRT101305", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "HPSBUX02922", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" + }, + { + "name": "SUSE-SU-2013:1263", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "oval:org.mitre.oval:def:19741", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19741" + }, + { + "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86", + "refsource": "MISC", + "url": 
"http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c98afec1bf86" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=975121", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=975121" + }, + { + "name": "SUSE-SU-2013:1293", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html" + }, + { + "name": "RHSA-2013:1081", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "http://advisories.mageia.org/MGASA-2013-0185.html", + "refsource": "CONFIRM", + "url": "http://advisories.mageia.org/MGASA-2013-0185.html" + }, + { + "name": "60647", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60647" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "oval:org.mitre.oval:def:19310", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19310" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "MDVSA-2013:183", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file 
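Review bot: `"ASSIGNER"` changes from `cve@mitre.org` to `secalert_us@oracle.com` at the top of this hunk, and it is the only value change among the visible hunks; everything else is key spacing, indentation and reference order. ASSIGNER records who is responsible for the entry, so a provenance change like this is easy to miss inside a bulk reformat. It would be better placed in its own commit, or at least called out in the commit message. Anyone auditing these records by assigner should confirm the change is intended and not a side effect of the reformatting tool.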
diff --git a/2013/2xxx/CVE-2013-2486.json b/2013/2xxx/CVE-2013-2486.json index af2bd4eb696..5fbf012c422 100644 --- a/2013/2xxx/CVE-2013-2486.json +++ b/2013/2xxx/CVE-2013-2486.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", - "refsource" : "CONFIRM", - "url" : 
"http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-21.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364" - }, - { - "name" : "openSUSE-SU-2013:0494", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" - }, - { - "name" : "openSUSE-SU-2013:0506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" - }, - { - "name" : "openSUSE-SU-2013:0911", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html" - }, - { - "name" : "openSUSE-SU-2013:0947", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html" - }, - { - "name" : "oval:org.mitre.oval:def:16109", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16109" - }, - { - "name" : "52471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52471" - }, - { - "name" : "53425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_diagnosticrequest function in epan/dissectors/packet-reload.c in the REsource LOcation And Discovery (aka RELOAD) dissector in Wireshark 1.8.x before 1.8.6 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (infinite loop) via crafted integer values in a packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0494", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" + }, + { + "name": "53425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53425" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364" + }, + { + "name": "openSUSE-SU-2013:0911", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-21.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-21.html" + }, + { + "name": "oval:org.mitre.oval:def:16109", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16109" + }, + { + "name": "52471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52471" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" + }, + { + "name": "openSUSE-SU-2013:0506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-reload.c?r1=47805&r2=47804&pathrev=47805" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47805" + }, + { + "name": 
"openSUSE-SU-2013:0947", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2665.json b/2013/2xxx/CVE-2013-2665.json index b97a1e229eb..76c3fdf0f0a 100644 --- a/2013/2xxx/CVE-2013-2665.json +++ b/2013/2xxx/CVE-2013-2665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11262.json b/2017/11xxx/CVE-2017-11262.json index a5964724ab0..99fe95917f3 100644 --- a/2017/11xxx/CVE-2017-11262.json +++ b/2017/11xxx/CVE-2017-11262.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100179" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100179" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11325.json b/2017/11xxx/CVE-2017-11325.json index 8cca25aa236..43fbc831b29 100644 --- a/2017/11xxx/CVE-2017-11325.json +++ b/2017/11xxx/CVE-2017-11325.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11325",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11325",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/",
- "refsource" : "MISC",
- "url" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/",
+ "refsource": "MISC",
+ "url": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11345.json b/2017/11xxx/CVE-2017-11345.json
index 45fe0bb3899..933fbc20e12 100644
--- a/2017/11xxx/CVE-2017-11345.json
+++ b/2017/11xxx/CVE-2017-11345.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.openwall.com/lists/oss-security/2017/07/14/3", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/07/14/3" - }, - { - "name" : "https://asuswrt.lostrealm.ca/changelog", - "refsource" : "CONFIRM", - "url" : "https://asuswrt.lostrealm.ca/changelog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://asuswrt.lostrealm.ca/changelog", + "refsource": "CONFIRM", + "url": "https://asuswrt.lostrealm.ca/changelog" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/07/14/3", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/07/14/3" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14067.json b/2017/14xxx/CVE-2017-14067.json index 1419b86002b..92eeb74766e 100644 --- a/2017/14xxx/CVE-2017-14067.json +++ b/2017/14xxx/CVE-2017-14067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14605.json b/2017/14xxx/CVE-2017-14605.json index 28a6b2f3efa..8b8f016868f 100644 --- a/2017/14xxx/CVE-2017-14605.json +++ b/2017/14xxx/CVE-2017-14605.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14605",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14605",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14707.json b/2017/14xxx/CVE-2017-14707.json
index ae4b416bae3..70f9edd9d0b 100644
--- a/2017/14xxx/CVE-2017-14707.json
+++ b/2017/14xxx/CVE-2017-14707.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14707",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14707",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/14xxx/CVE-2017-14848.json b/2017/14xxx/CVE-2017-14848.json
index 9ba08fa2872..7d3113032f9 100644
--- a/2017/14xxx/CVE-2017-14848.json
+++ b/2017/14xxx/CVE-2017-14848.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-14848",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-14848",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42924",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42924/"
- },
- {
- "name" : "https://wpvulndb.com/vulnerabilities/8929",
- "refsource" : "MISC",
- "url" : "https://wpvulndb.com/vulnerabilities/8929"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "42924",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42924/"
+ },
+ {
+ "name": "https://wpvulndb.com/vulnerabilities/8929",
+ "refsource": "MISC",
+ "url": "https://wpvulndb.com/vulnerabilities/8929"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15033.json b/2017/15xxx/CVE-2017-15033.json
index f55ce607e56..b7dd9969e31 100644
--- a/2017/15xxx/CVE-2017-15033.json
+++ b/2017/15xxx/CVE-2017-15033.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15033",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
- },
- {
- "name" : "USN-3681-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3681-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-3681-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3681-1/"
+ },
+ {
+ "name": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15500.json b/2017/15xxx/CVE-2017-15500.json
index ae136ec4ba2..2e3c157b9d8 100644
--- a/2017/15xxx/CVE-2017-15500.json
+++ b/2017/15xxx/CVE-2017-15500.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15500",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-15500",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15508.json b/2017/15xxx/CVE-2017-15508.json
index 8b2f6aa1a94..0f780e63e28 100644
--- a/2017/15xxx/CVE-2017-15508.json
+++ b/2017/15xxx/CVE-2017-15508.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15508",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-15508",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15702.json b/2017/15xxx/CVE-2017-15702.json
index 937d2f38f9f..bfdca2d9fd2 100644
--- a/2017/15xxx/CVE-2017-15702.json
+++ b/2017/15xxx/CVE-2017-15702.json
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-11-30T00:00:00", - "ID" : "CVE-2017-15702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Qpid Broker-J", - "version" : { - "version_data" : [ - { - "version_value" : "0.18 through 0.32" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authentication vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-11-30T00:00:00", + "ID": "CVE-2017-15702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Qpid Broker-J", + "version": { + "version_data": [ + { + "version_value": "0.18 through 0.32" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20171130 [SECURITY] [CVE-2017-15702] Apache Qpid Broker-J Authentication Vulnerability on HTTP Ports", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090@%3Cdev.qpid.apache.org%3E" - }, - { - "name" : "https://issues.apache.org/jira/browse/QPID-8039", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/QPID-8039" - }, - { - "name" : "https://qpid.apache.org/cves/CVE-2017-15702.html", - "refsource" : "CONFIRM", - "url" : "https://qpid.apache.org/cves/CVE-2017-15702.html" - }, - { - "name" : "102040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. 
This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authentication vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/QPID-8039", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/QPID-8039" + }, + { + "name": "102040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102040" + }, + { + "name": "[dev] 20171130 [SECURITY] [CVE-2017-15702] Apache Qpid Broker-J Authentication Vulnerability on HTTP Ports", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/59d241e30db23b8b0af26bb273f789aa1f08515d3dc1a3868d3ba090@%3Cdev.qpid.apache.org%3E" + }, + { + "name": "https://qpid.apache.org/cves/CVE-2017-15702.html", + "refsource": "CONFIRM", + "url": "https://qpid.apache.org/cves/CVE-2017-15702.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9031.json b/2017/9xxx/CVE-2017-9031.json index a118db793d7..683ce52baf0 100644 --- a/2017/9xxx/CVE-2017-9031.json +++ b/2017/9xxx/CVE-2017-9031.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15", - "refsource" : "CONFIRM", - "url" : "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15" - }, - { - "name" : "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd", - "refsource" : "CONFIRM", - "url" : "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd" - }, - { - "name" : "https://bugs.debian.org/862611", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/862611" - }, - { - "name" : "DSA-3856", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3856" - }, - { - "name" : "99099", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/99099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99099" + }, + { + "name": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15", + "refsource": "CONFIRM", + "url": "http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15" + }, + { + "name": "DSA-3856", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3856" + }, + { + "name": "https://bugs.debian.org/862611", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/862611" + }, + { + "name": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd", + "refsource": "CONFIRM", + "url": "http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9902.json b/2017/9xxx/CVE-2017-9902.json index 3e79853deab..d61665dfcff 100644 --- a/2017/9xxx/CVE-2017-9902.json +++ b/2017/9xxx/CVE-2017-9902.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to \"Data from Faulting Address controls Code Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e91.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] 
+ }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9902" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0004.json b/2018/0xxx/CVE-2018-0004.json index dd3b5832d8d..fe7935d27a2 100644 --- a/2018/0xxx/CVE-2018-0004.json +++ b/2018/0xxx/CVE-2018-0004.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2018-01-10T17:00:00.000Z", - "ID" : "CVE-2018-0004", - "STATE" : "PUBLIC", - "TITLE" : "Junos OS: Kernel Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_name" : "12.1X46", - "version_value" : "12.1X46-D50" - }, - { - "affected" : "<", - "version_name" : "12.3X48", - "version_value" : "12.3X48-D30" - }, - { - "affected" : "<", - "version_name" : "12.3R", - "version_value" : "12.3R12-S7" - }, - { - "affected" : "<", - "version_name" : "14.1", - "version_value" : "14.1R8-S4, 14.1R9" - }, - { - "affected" : "<", - "version_name" : "14.1X53", - "version_value" : "14.1X53-D30, 14.1X53-D34" - }, - { - "affected" : "<", - "version_name" : "14.2", - "version_value" : "14.2R8" - }, - { - "affected" : "<", - "version_name" : "15.1", - "version_value" : "15.1F6, 15.1R3" - }, - { - "affected" : "<", - "version_name" : "15.1X49", - "version_value" : "15.1X49-D40" - }, - { - "affected" : "<", - "version_name" : "15.1X53", - "version_value" : "15.1X53-D31, 15.1X53-D33, 15.1X53-D60" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. 
As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." 
- } - ], - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 6.5, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "High CPU consumption\nDistributed Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2018-01-10T17:00:00.000Z", + "ID": "CVE-2018-0004", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Kernel Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "12.1X46", + "version_value": "12.1X46-D50" + }, + { + "affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D30" + }, + { + "affected": "<", + "version_name": "12.3R", + "version_value": "12.3R12-S7" + }, + { + "affected": "<", + "version_name": "14.1", + "version_value": "14.1R8-S4, 14.1R9" + }, + { + "affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D30, 14.1X53-D34" + }, + { + "affected": "<", + "version_name": "14.2", + "version_value": "14.2R8" + }, + { + "affected": "<", + "version_name": "15.1", + "version_value": "15.1F6, 15.1R3" + }, + { + "affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D40" + }, + { + "affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D31, 15.1X53-D33, 15.1X53-D60" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10832", - "refsource" : "CONFIRM", 
- "url" : "https://kb.juniper.net/JSA10832" - }, - { - "name" : "1040183", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040183" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D50, 12.3R12-S7, 12.3X48-D30, 14.1R8-S4, 14.1R9, 14.1X53-D30, 14.1X53-D34, 14.2R8, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D31, 15.1X53-D33, 15.1X53-D60, 16.1R1, and all subsequent releases.\n" - } - ], - "source" : { - "advisory" : "JSA10832", - "defect" : [ - "1145306" - ], - "discovery" : "USER" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "There are no viable workarounds for this issue.\n" - } - ] -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A sustained sequence of different types of normal transit traffic can trigger a high CPU consumption denial of service condition in the Junos OS register and schedule software interrupt handler subsystem when a specific command is issued to the device. This affects one or more threads and conversely one or more running processes running on the system. Once this occurs, the high CPU event(s) affects either or both the forwarding and control plane. As a result of this condition the device can become inaccessible in either or both the control and forwarding plane and stops forwarding traffic until the device is rebooted. The issue will reoccur after reboot upon receiving further transit traffic. Score: 5.7 MEDIUM (CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) For network designs utilizing layer 3 forwarding agents or other ARP through layer 3 technologies, the score is slightly higher. Score: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) If the following entry exists in the RE message logs then this may indicate the issue is present. 
This entry may or may not appear when this issue occurs. /kernel: Expensive timeout(9) function: Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D50; 12.3X48 versions prior to 12.3X48-D30; 12.3R versions prior to 12.3R12-S7; 14.1 versions prior to 14.1R8-S4, 14.1R9; 14.1X53 versions prior to 14.1X53-D30, 14.1X53-D34; 14.2 versions prior to 14.2R8; 15.1 versions prior to 15.1F6, 15.1R3; 15.1X49 versions prior to 15.1X49-D40; 15.1X53 versions prior to 15.1X53-D31, 15.1X53-D33, 15.1X53-D60. No other Juniper Networks products or platforms are affected by this issue." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "High CPU consumption\nDistributed Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040183", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040183" + }, + { + "name": "https://kb.juniper.net/JSA10832", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10832" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D50, 12.3R12-S7, 12.3X48-D30, 14.1R8-S4, 14.1R9, 14.1X53-D30, 14.1X53-D34, 14.2R8, 15.1F6, 15.1R3, 15.1X49-D40, 15.1X53-D31, 15.1X53-D33, 15.1X53-D60, 16.1R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10832", 
+ "defect": [ + "1145306" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue.\n" + } + ] +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0834.json b/2018/0xxx/CVE-2018-0834.json index 3b45a2e99f6..844320025c6 100644 --- a/2018/0xxx/CVE-2018-0834.json +++ b/2018/0xxx/CVE-2018-0834.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-02-13T00:00:00", - "ID" : "CVE-2018-0834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge, ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Critical" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-02-13T00:00:00", + "ID": "CVE-2018-0834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge, ChakraCore", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44078", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44078/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834" - }, - { - "name" : "102859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102859" - }, - { - "name" : "1040372", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Critical" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0834" + }, + { + "name": "102859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102859" + }, + { + "name": "44078", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44078/" + }, + { + "name": "1040372", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040372" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000063.json b/2018/1000xxx/CVE-2018-1000063.json index e408b335a6c..7e6fb2661c3 100644 --- a/2018/1000xxx/CVE-2018-1000063.json +++ b/2018/1000xxx/CVE-2018-1000063.json 
@@ -1,20 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "DATE_ASSIGNED" : "2018-02-09",
- "ID" : "CVE-2018-1000063",
- "REQUESTER" : "kurt@seifried.org",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate is a reservation duplicate of CVE-2018-5379. Notes: All CVE users should reference CVE-2018-5379 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1000063",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-5379. Reason: This candidate is a reservation duplicate of CVE-2018-5379. Notes: All CVE users should reference CVE-2018-5379 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12277.json b/2018/12xxx/CVE-2018-12277.json
index 122e24ea332..c48ce982d0a 100644
--- a/2018/12xxx/CVE-2018-12277.json
+++ b/2018/12xxx/CVE-2018-12277.json
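Review bot: The new side of CVE-2018-1000063.json orders its keys differently from every other record in this diff: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `"ID"` comes before `"ASSIGNER"`, while the neighbouring files keep the alphabetical layout. Key order has no meaning in JSON, but a stable order keeps later diffs small and lets records be compared or hashed byte-for-byte, so I would write this file through the same sorted serializer, starting with `"CVE_data_meta": {` and `"ASSIGNER": "cve@mitre.org",`. The same hunk also drops `DATE_ASSIGNED` and `REQUESTER` alongside the whitespace normalisation; if that removal is intended it would be easier to audit as a separate change.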
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12277",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12277",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12288.json b/2018/12xxx/CVE-2018-12288.json
index b343be20a37..63fb47e3443 100644
--- a/2018/12xxx/CVE-2018-12288.json
+++ b/2018/12xxx/CVE-2018-12288.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12288",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12288",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12307.json b/2018/12xxx/CVE-2018-12307.json
index 5136f711c73..8b1f946e1da 100644
--- a/2018/12xxx/CVE-2018-12307.json
+++ b/2018/12xxx/CVE-2018-12307.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12307",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12307",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
- "refsource" : "MISC",
- "url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root via the \"name\" POST parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
+ "refsource": "MISC",
+ "url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12442.json b/2018/12xxx/CVE-2018-12442.json
index e93719f597a..b35e6a898b9 100644
--- a/2018/12xxx/CVE-2018-12442.json
+++ b/2018/12xxx/CVE-2018-12442.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12442",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12442",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12635.json b/2018/12xxx/CVE-2018-12635.json
index d47a578c95a..090b30f201b 100644
--- a/2018/12xxx/CVE-2018-12635.json
+++ b/2018/12xxx/CVE-2018-12635.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12635",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12635",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.seebug.org/vuldb/ssvid-97353",
- "refsource" : "MISC",
- "url" : "https://www.seebug.org/vuldb/ssvid-97353"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.seebug.org/vuldb/ssvid-97353",
+ "refsource": "MISC",
+ "url": "https://www.seebug.org/vuldb/ssvid-97353"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13086.json b/2018/13xxx/CVE-2018-13086.json
index b35d87f3907..4f8496eaaed 100644
--- a/2018/13xxx/CVE-2018-13086.json
+++ b/2018/13xxx/CVE-2018-13086.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13086",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13086",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md",
- "refsource" : "MISC",
- "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md",
+ "refsource": "MISC",
+ "url": "https://github.com/VenusADLab/EtherTokens/blob/master/IADOWR/IADOWR.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16068.json b/2018/16xxx/CVE-2018-16068.json
index c34368935a9..0799b95438d 100644
--- a/2018/16xxx/CVE-2018-16068.json
+++ b/2018/16xxx/CVE-2018-16068.json
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out of bounds read and write" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/877182", - "refsource" : "MISC", - "url" : "https://crbug.com/877182" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4289", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4289" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2666" - }, - { - "name" : "105215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing validation in Mojo in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out of bounds read and write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105215" + }, + { + "name": "DSA-4289", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4289" + }, + { + "name": "https://crbug.com/877182", + "refsource": "MISC", + "url": "https://crbug.com/877182" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16071.json b/2018/16xxx/CVE-2018-16071.json index c89e6c946c9..a7919fe5cc3 100644 --- a/2018/16xxx/CVE-2018-16071.json +++ b/2018/16xxx/CVE-2018-16071.json 
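Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `chrome-cve-admin@google.com` to `security@google.com` in this hunk, which is otherwise a whitespace and key-spacing reformat, so a change to the record's provenance field is easy to miss in review. The same change appears in the CVE-2018-16071.json hunk, and both hunks, along with the CVE-2018-4933.json hunk, also reorder the `reference_data` entries. If the assigner change is intended, it would be easier to audit in its own commit with the reason stated. If it is a side effect of the formatter run, this commit should keep `"ASSIGNER": "chrome-cve-admin@google.com",`. Any consumer that compares these records byte-for-byte will presumably see every file as modified, since the new side also drops the trailing newline.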
@@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45443", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45443/" - }, - { - "name" : "https://crbug.com/855211", - "refsource" : "MISC", - "url" : "https://crbug.com/855211" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2018:2666" - }, - { - "name" : "105215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105215" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "45443", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45443/" + }, + { + "name": "https://crbug.com/855211", + "refsource": "MISC", + "url": "https://crbug.com/855211" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16950.json b/2018/16xxx/CVE-2018-16950.json index 99da6661d16..1d0ca84232c 100644 --- a/2018/16xxx/CVE-2018-16950.json +++ b/2018/16xxx/CVE-2018-16950.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16950", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/cyberarchconsul/status/1039682695826169857", - "refsource" : "MISC", - "url" : "https://twitter.com/cyberarchconsul/status/1039682695826169857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/cyberarchconsul/status/1039682695826169857", + "refsource": "MISC", + "url": "https://twitter.com/cyberarchconsul/status/1039682695826169857" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4170.json b/2018/4xxx/CVE-2018-4170.json index 445def6a408..b7f64fc2572 100644 --- a/2018/4xxx/CVE-2018-4170.json +++ b/2018/4xxx/CVE-2018-4170.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Admin Framework\" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208692", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208692" - }, - { - "name" : "103582", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103582" - }, - { - "name" : "1040608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Admin Framework\" component. 
It allows local users to discover a password by listing a process and its arguments during sysadminctl execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208692", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208692" + }, + { + "name": "103582", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103582" + }, + { + "name": "1040608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040608" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4318.json b/2018/4xxx/CVE-2018-4318.json index 1dd890c52bf..b522db6bc48 100644 --- a/2018/4xxx/CVE-2018-4318.json +++ b/2018/4xxx/CVE-2018-4318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/4xxx/CVE-2018-4671.json b/2018/4xxx/CVE-2018-4671.json index 3c97a8957d1..9226f2a9d37 100644 --- a/2018/4xxx/CVE-2018-4671.json +++ b/2018/4xxx/CVE-2018-4671.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4671", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4671", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4933.json b/2018/4xxx/CVE-2018-4933.json index 06527fc0c33..4d7c354a8c6 100644 --- a/2018/4xxx/CVE-2018-4933.json +++ b/2018/4xxx/CVE-2018-4933.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4933", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 29.0.0.113 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 29.0.0.113 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4933", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 29.0.0.113 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 29.0.0.113 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" - }, - { - "name" : "GLSA-201804-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201804-11" - }, - { - "name" : "RHSA-2018:1119", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1119" - }, - { - "name" : "103708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103708" - }, - { - "name" : 
"1040648", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040648" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103708" + }, + { + "name": "RHSA-2018:1119", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1119" + }, + { + "name": "1040648", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040648" + }, + { + "name": "GLSA-201804-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201804-11" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-08.html" + } + ] + } +} \ No newline at end of file