diff --git a/2003/1xxx/CVE-2003-1184.json b/2003/1xxx/CVE-2003-1184.json
index cc4310ff9f1..06bfcd8199a 100644
--- a/2003/1xxx/CVE-2003-1184.json
+++ b/2003/1xxx/CVE-2003-1184.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other \"Diverse XSS Bugs.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=195009", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=195009" - }, - { - "name" : "8959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8959" - }, - { - "name" : "3077", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3077" - }, - { - "name" : "4825", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4825" - }, - { - "name" : "4826", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4826" - }, - { - "name" : "4827", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4827" - }, - { - "name" : "4828", - "refsource" 
: "OSVDB", - "url" : "http://www.osvdb.org/4828" - }, - { - "name" : "4829", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4829" - }, - { - "name" : "10120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10120" - }, - { - "name" : "thwboard-multiple-fields-xss(13582)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other \"Diverse XSS Bugs.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10120" + }, + { + "name": "thwboard-multiple-fields-xss(13582)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13582" + }, + { + "name": "4825", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4825" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=195009", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=195009" + }, + { + "name": "4828", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4828" + }, + { + "name": "8959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8959" + }, + { + "name": "4829", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4829" + }, + { + "name": "4827", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4827" + }, + { + "name": "4826", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4826" + }, + { + "name": "3077", + 
"refsource": "OSVDB", + "url": "http://www.osvdb.org/3077" + } + ] + } +}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1208.json b/2003/1xxx/CVE-2003-1208.json
index 891bdd1027a..45284cb1ece 100644
--- a/2003/1xxx/CVE-2003-1208.json
+++ b/2003/1xxx/CVE-2003-1208.json
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora_from_tz.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora_from_tz.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt", - "refsource" : "MISC", - "url" : 
"http://www.nextgenss.com/advisories/ora_numtoyminterval.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/ora_time_zone.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/ora_time_zone.txt" - }, - { - "name" : "VU#240174", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/240174" - }, - { - "name" : "VU#399806", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/399806" - }, - { - "name" : "VU#819126", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/819126" - }, - { - "name" : "VU#846582", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/846582" - }, - { - "name" : "O-093", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-093.shtml" - }, - { - "name" : "9587", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9587" - }, - { - "name" : "3837", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3837" - }, - { - "name" : "3838", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3838" - }, - { - "name" : "3839", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3839" - }, - { - "name" : "3840", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3840" - }, - { - "name" : "10805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10805" - }, - { - "name" : "oracle-multiple-function-bo(15060)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oracle-multiple-function-bo(15060)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060" + }, + { + "name": "VU#399806", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/399806" + }, + { + "name": "3840", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3840" + }, + { + "name": "O-093", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-093.shtml" + }, + { + "name": "10805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10805" + }, + { + "name": "VU#819126", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/819126" + }, + { + "name": "3838", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3838" + }, + { + "name": "VU#240174", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/240174" + }, + { + "name": "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html" + }, + { + "name": "9587", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9587" + }, + { + "name": "3839", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3839" + }, + { + "name": "VU#846582", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/846582" + }, + { + "name": "3837", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3837" + }, + { + "name": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt" + }, + { + "name": "http://www.nextgenss.com/advisories/ora_from_tz.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora_from_tz.txt" + }, + { + "name": 
"http://www.nextgenss.com/advisories/ora_numtoyminterval.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt" + }, + { + "name": "http://www.nextgenss.com/advisories/ora_time_zone.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/ora_time_zone.txt" + } + ] + } +}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1461.json b/2003/1xxx/CVE-2003-1461.json
index ebe0a879c9a..4eab803f305 100644
--- a/2003/1xxx/CVE-2003-1461.json
+++ b/2003/1xxx/CVE-2003-1461.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030502 HP-UX 11.0 /usr/lbin/rwrite", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/320323" - }, - { - "name" : "20030503 rwrite buffer overflow in hp-ux", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/320371" - }, - { - "name" : "7489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7489" - }, - { - "name" : "oval:org.mitre.oval:def:4897", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897" - }, - { - "name" : "3283", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3283" - }, - { - "name" : 
"hp-rwrite-bo(11919)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11919" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7489" + }, + { + "name": "20030503 rwrite buffer overflow in hp-ux", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/320371" + }, + { + "name": "20030502 HP-UX 11.0 /usr/lbin/rwrite", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/320323" + }, + { + "name": "3283", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3283" + }, + { + "name": "oval:org.mitre.oval:def:4897", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897" + }, + { + "name": "hp-rwrite-bo(11919)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11919" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0007.json b/2004/0xxx/CVE-2004-0007.json index bfade2d0b39..15e702f1530 100644 --- a/2004/0xxx/CVE-2004-0007.json +++ b/2004/0xxx/CVE-2004-0007.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107513690306318&w=2" - }, - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" - }, - { - "name" : "http://security.e-matters.de/advisories/012004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/012004.html" - }, - { - "name" : "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107522432613022&w=2" 
- }, - { - "name" : "http://ultramagnetic.sourceforge.net/advisories/001.html", - "refsource" : "CONFIRM", - "url" : "http://ultramagnetic.sourceforge.net/advisories/001.html" - }, - { - "name" : "CLA-2004:813", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" - }, - { - "name" : "DSA-434", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-434" - }, - { - "name" : "GLSA-200401-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200401-04.xml" - }, - { - "name" : "MDKSA-2004:006", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" - }, - { - "name" : "RHSA-2004:032", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-032.html" - }, - { - "name" : "RHSA-2004:033", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-033.html" - }, - { - "name" : "SSA:2004-026", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158" - }, - { - "name" : "SuSE-SA:2004:004", - "refsource" : "SUSE", - "url" : "http://www.securityfocus.com/advisories/6281" - }, - { - "name" : "VU#197142", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/197142" - }, - { - "name" : "9489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9489" - }, - { - "name" : "3733", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3733" - }, - { - "name" : "oval:org.mitre.oval:def:819", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819" - }, - { - "name" : "oval:org.mitre.oval:def:9906", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906" - }, - { - "name" : "1008850", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id?1008850" - }, - { - "name" : "gaim-extractinfo-bo(14946)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14946" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9489" + }, + { + "name": "DSA-434", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-434" + }, + { + "name": "RHSA-2004:032", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html" + }, + { + "name": "oval:org.mitre.oval:def:9906", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906" + }, + { + "name": "SSA:2004-026", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107513690306318&w=2" + }, + { + "name": "http://ultramagnetic.sourceforge.net/advisories/001.html", + "refsource": "CONFIRM", + "url": "http://ultramagnetic.sourceforge.net/advisories/001.html" + }, + { + "name": "GLSA-200401-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml" + }, + { + "name": "1008850", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id?1008850" + }, + { + "name": "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107522432613022&w=2" + }, + { + "name": "http://security.e-matters.de/advisories/012004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/012004.html" + }, + { + "name": "RHSA-2004:033", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html" + }, + { + "name": "3733", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3733" + }, + { + "name": "MDKSA-2004:006", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" + }, + { + "name": "oval:org.mitre.oval:def:819", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819" + }, + { + "name": "VU#197142", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/197142" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" + }, + { + "name": "SuSE-SA:2004:004", + "refsource": "SUSE", + "url": "http://www.securityfocus.com/advisories/6281" + }, + { + "name": "CLA-2004:813", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" + }, + { + "name": "gaim-extractinfo-bo(14946)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14946" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0278.json b/2004/0xxx/CVE-2004-0278.json index 8e4fee16b39..378bd9640f1 100644 --- a/2004/0xxx/CVE-2004-0278.json +++ b/2004/0xxx/CVE-2004-0278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040211 Denial of Service in Ratbag's game engine", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107655269820530&w=2" - }, - { - "name" : "ratbag-data-length-dos(15188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188" - }, - { - "name" : "9644", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9644" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9644", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9644" + }, + { + "name": "ratbag-data-length-dos(15188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15188" + }, + { + "name": "20040211 Denial of Service in Ratbag's game engine", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107655269820530&w=2" + } + ] + } +}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0332.json b/2004/0xxx/CVE-2004-0332.json
index 6eab9cdadb6..8092767051b 100644
--- a/2004/0xxx/CVE-2004-0332.json
+++ b/2004/0xxx/CVE-2004-0332.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0332", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0332", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040226 Extremail Security Problem", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107783767517850&w=2" - }, - { - "name" : "extremail-password-gain-access(15329)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15329" - }, - { - "name" : "9754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "extremail-password-gain-access(15329)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15329" + }, + { + "name": "9754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9754" + }, + { + "name": "20040226 Extremail Security Problem", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107783767517850&w=2" + } + ] + } +}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0422.json b/2004/0xxx/CVE-2004-0422.json
index fafc9a0571c..a511867da1e 100644
--- a/2004/0xxx/CVE-2004-0422.json
+++ b/2004/0xxx/CVE-2004-0422.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-500", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-500" - }, - { - "name" : "RHSA-2004:344", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-344.html" - }, - { - "name" : "flim-insecure-temporary-file(16027)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:344", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-344.html" + }, + { + "name": "DSA-500", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-500" + }, + { + "name": "flim-insecure-temporary-file(16027)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16027" + } + ] + } +}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0837.json b/2004/0xxx/CVE-2004-0837.json
index b1691dde12e..e2eaef03694 100644
--- a/2004/0xxx/CVE-2004-0837.json
+++ b/2004/0xxx/CVE-2004-0837.json
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:892", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892" - }, - { - "name" : "DSA-562", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-562" - }, - { - "name" : "GLSA-200410-22", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml" - }, - { - "name" : "http://bugs.mysql.com/2408", - "refsource" : "MISC", - "url" : "http://bugs.mysql.com/2408" - }, - { - "name" : "http://lists.mysql.com/internals/16168", - "refsource" : "MISC", - "url" : "http://lists.mysql.com/internals/16168" - }, - { - "name" : "http://lists.mysql.com/internals/16173", - "refsource" : "MISC", - "url" : 
"http://lists.mysql.com/internals/16173" - }, - { - "name" : "http://lists.mysql.com/internals/16174", - "refsource" : "MISC", - "url" : "http://lists.mysql.com/internals/16174" - }, - { - "name" : "http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15", - "refsource" : "MISC", - "url" : "http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15" - }, - { - "name" : "RHSA-2004:597", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-597.html" - }, - { - "name" : "RHSA-2004:611", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-611.html" - }, - { - "name" : "101864", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" - }, - { - "name" : "2004-0054", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0054/" - }, - { - "name" : "20041125 [USN-32-1] mysql vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110140517515735&w=2" - }, - { - "name" : "P-018", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-018.shtml" - }, - { - "name" : "11357", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11357" - }, - { - "name" : "1011606", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011606" - }, - { - "name" : "12783", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12783/" - }, - { - "name" : "mysql-union-dos(17667)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17667" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.mysql.com/internals/16174", + "refsource": "MISC", + "url": "http://lists.mysql.com/internals/16174" + }, + { + "name": "RHSA-2004:611", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-611.html" + }, + { + "name": "12783", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12783/" + }, + { + "name": "DSA-562", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-562" + }, + { + "name": "20041125 [USN-32-1] mysql vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110140517515735&w=2" + }, + { + "name": "http://lists.mysql.com/internals/16173", + "refsource": "MISC", + "url": "http://lists.mysql.com/internals/16173" + }, + { + "name": "mysql-union-dos(17667)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17667" + }, + { + "name": "101864", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1" + }, + { + "name": "11357", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11357" + }, + { + "name": "CLA-2004:892", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892" + }, + { + "name": "RHSA-2004:597", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-597.html" + }, + { + "name": "P-018", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-018.shtml" + }, + { + "name": "http://lists.mysql.com/internals/16168", + "refsource": "MISC", + "url": "http://lists.mysql.com/internals/16168" + }, + { + "name": "GLSA-200410-22", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml" + }, + { + "name": "2004-0054", + "refsource": "TRUSTIX", 
+ "url": "http://www.trustix.org/errata/2004/0054/" + }, + { + "name": "http://bugs.mysql.com/2408", + "refsource": "MISC", + "url": "http://bugs.mysql.com/2408" + }, + { + "name": "1011606", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011606" + }, + { + "name": "http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15", + "refsource": "MISC", + "url": "http://mysql.bkbits.net:8080/mysql-3.23/diffs/myisammrg/myrg_open.c@1.15" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0885.json b/2004/0xxx/CVE-2004-0885.json index ad0a7fe8091..e1e8368a295 100644 --- a/2004/0xxx/CVE-2004-0885.json +++ b/2004/0xxx/CVE-2004-0885.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0885", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0885", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.apacheweek.com/features/security-20", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/features/security-20" - }, - { - "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : 
"APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "HPSBUX01123", - "refsource" : "HP", - "url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" - }, - { - "name" : "RHSA-2004:600", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-600.html" - }, - { - "name" : "RHSA-2004:562", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-562.html" - }, - { - "name" : "RHSA-2005:816", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "102198", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" - }, - { - "name" : "USN-177-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-177-1" - }, - { - "name" : "20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109786159119069&w=2" - }, - { - "name" : "11360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11360" - }, - { - "name" : "oval:org.mitre.oval:def:10384", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384" - }, - { - "name" : "ADV-2006-0789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0789" - }, - { - "name" : "19072", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19072" - }, - { - "name" : "apache-sslciphersuite-restriction-bypass(17671)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the \"SSLCipherSuite\" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11360" + }, + { + "name": "RHSA-2004:562", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-562.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" + }, + { + "name": "USN-177-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-177-1" + }, + { + "name": "20041015 [OpenPKG-SA-2004.044] OpenPKG Security Advisory (modssl)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109786159119069&w=2" + }, + { + "name": "RHSA-2005:816", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" + }, + { + "name": "oval:org.mitre.oval:def:10384", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10384" + }, + { + "name": "19072", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19072" + }, + { + "name": "HPSBUX01123", + "refsource": "HP", + "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123" + }, + { + "name": "apache-sslciphersuite-restriction-bypass(17671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17671" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": 
"http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "RHSA-2004:600", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-600.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "102198", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1" + }, + { + "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=31505" + }, + { + "name": "ADV-2006-0789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0789" + }, + { + "name": "http://www.apacheweek.com/features/security-20", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/features/security-20" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1201.json b/2004/1xxx/CVE-2004-1201.json index 6499e30694f..3118ac4da17 100644 --- a/2004/1xxx/CVE-2004-1201.json +++ b/2004/1xxx/CVE-2004-1201.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1201", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041125 Re: MSIE flaws: nested array sort() loop Stack overflow exception", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110141347502530&w=2" - }, - { - "name" : "20041125 Re: Opera flaws: nested array sort() loop Stack overflow exception", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110144136213993&w=2" - }, - { - "name" : "11762", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11762" - }, - { - "name" : "web-browser-array-dos(18282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "web-browser-array-dos(18282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18282" + }, + { + "name": "20041125 Re: Opera flaws: nested array sort() loop Stack overflow exception", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110144136213993&w=2" + }, + { + "name": "20041125 Re: MSIE flaws: nested array sort() loop Stack overflow exception", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110141347502530&w=2" + }, + { + "name": "11762", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11762" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1791.json b/2004/1xxx/CVE-2004-1791.json index 23e8e30aec5..21753b2c11c 100644 --- a/2004/1xxx/CVE-2004-1791.json +++ b/2004/1xxx/CVE-2004-1791.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040106 EDIMAX AR-6004 Full Rate ADSL Router Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/349089" - }, - { - "name" : "3511", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3511" - }, - { - "name" : "1008643", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for 
the management interface, which allows remote attackers to gain access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040106 EDIMAX AR-6004 Full Rate ADSL Router Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/349089" + }, + { + "name": "3511", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3511" + }, + { + "name": "1008643", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008643" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1805.json b/2004/1xxx/CVE-2004-1805.json index d936318b1b4..286286c715c 100644 --- a/2004/1xxx/CVE-2004-1805.json +++ b/2004/1xxx/CVE-2004-1805.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040310 Format string bug in EpicGames Unreal engine", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107893764406905&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/unrfs-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/unrfs-adv.txt" - }, - { - "name" : "20040311 Re: Format string bug in EpicGames Unreal engine", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107902755204583&w=2" - }, - { - "name" : "9840", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9840" - }, - { - "name" : "11108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11108" - }, - { - "name" : 
"ut-class-format-string(15430)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15430" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ut-class-format-string(15430)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15430" + }, + { + "name": "20040310 Format string bug in EpicGames Unreal engine", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107893764406905&w=2" + }, + { + "name": "http://aluigi.altervista.org/adv/unrfs-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/unrfs-adv.txt" + }, + { + "name": "11108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11108" + }, + { + "name": "9840", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9840" + }, + { + "name": "20040311 Re: Format string bug in EpicGames Unreal engine", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107902755204583&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2299.json b/2004/2xxx/CVE-2004-2299.json index afe6fdf3af1..7e900485854 100644 --- a/2004/2xxx/CVE-2004-2299.json +++ b/2004/2xxx/CVE-2004-2299.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040518 Overflow@OmniHTTPd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/363651" - }, - { - "name" : "10376", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10376" - }, - { - "name" : "12944", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12944" - }, - { - "name" : "omnithttpd-range-header-bo(16190)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a 
long Range header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10376", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10376" + }, + { + "name": "omnithttpd-range-header-bo(16190)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16190" + }, + { + "name": "20040518 Overflow@OmniHTTPd", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/363651" + }, + { + "name": "12944", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12944" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2340.json b/2004/2xxx/CVE-2004-2340.json index 257748dbbb7..b9fc3a2d28f 100644 --- a/2004/2xxx/CVE-2004-2340.json +++ b/2004/2xxx/CVE-2004-2340.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the \"PunkBuster Screenshot Database\" and not \"PunkBuster\" itself; (2) there is no apparent association between PunkBuster and \"Punky Brewster\"; (3) the claimed source code is not anywhere in Alpha 6." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040219 PunkBuster SQL Injection Attack", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/354453" - }, - { - "name" : "9697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9697" - }, - { - "name" : "18981", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/18981" - }, - { - "name" : "1009145", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009145" - }, - { - "name" : "punkbuster-login-sql-injection(15267)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the \"PunkBuster Screenshot Database\" and not \"PunkBuster\" itself; (2) there is no apparent association between PunkBuster and \"Punky Brewster\"; (3) the claimed source code is not anywhere in Alpha 6." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9697" + }, + { + "name": "punkbuster-login-sql-injection(15267)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15267" + }, + { + "name": "1009145", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009145" + }, + { + "name": "20040219 PunkBuster SQL Injection Attack", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/354453" + }, + { + "name": "18981", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/18981" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2218.json b/2008/2xxx/CVE-2008-2218.json index 1e4fe30b3cf..088573d8038 100644 --- a/2008/2xxx/CVE-2008-2218.json +++ b/2008/2xxx/CVE-2008-2218.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of \"extraneous\" messages, as demonstrated by the Nessus \"Generic flood\" denial of service plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698" - }, - { - "name" : "28994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28994" - }, - { - "name" : "ADV-2008-1404", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1404/references" - }, - { - "name" : "1019957", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019957" - }, - { - "name" : "30038", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/30038" - }, - { - "name" : "nortel-mcs-client-bo(42115)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of \"extraneous\" messages, as demonstrated by the Nessus \"Generic flood\" denial of service plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1404", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1404/references" + }, + { + "name": "30038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30038" + }, + { + "name": "nortel-mcs-client-bo(42115)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42115" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=719698" + }, + { + "name": "28994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28994" + }, + { + "name": "1019957", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019957" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2732.json b/2008/2xxx/CVE-2008-2732.json index 53fd9a50135..b5aec1f041a 100644 --- a/2008/2xxx/CVE-2008-2732.json +++ b/2008/2xxx/CVE-2008-2732.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-2732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" - }, - { - "name" : "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" - }, - 
{ - "name" : "30998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30998" - }, - { - "name" : "1020808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020808" - }, - { - "name" : "1020809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020809" - }, - { - "name" : "31730", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31730" - }, - { - "name" : "cisco-pix-asa-sipinspection-dos(44866)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the SIP inspection functionality in Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.0 before 7.0(7)16, 7.1 before 7.1(2)71, 7.2 before 7.2(4)7, 8.0 before 8.0(3)20, and 8.1 before 8.1(1)8 allow remote attackers to cause a denial of service (device reload) via unknown vectors, aka Bug IDs CSCsq07867, CSCsq57091, CSCsk60581, and CSCsq39315." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020808" + }, + { + "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" + }, + { + "name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" + }, + { + "name": "31730", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31730" + }, + { + "name": "cisco-pix-asa-sipinspection-dos(44866)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44866" + }, + { + "name": "1020809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020809" + }, + { + "name": "30998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30998" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2779.json b/2008/2xxx/CVE-2008-2779.json index 57871c4c53d..f215da447fe 100644 --- a/2008/2xxx/CVE-2008-2779.json +++ b/2008/2xxx/CVE-2008-2779.json 
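Review bot: The `ASSIGNER` value under `CVE_data_meta` in this hunk changes from `cve@mitre.org` to `psirt@cisco.com`, and it is the only semantic change in a hunk that otherwise rewrites every line for key spacing and reshuffles `reference_data`; the CVE-2012-5497 hunk further down does the same with `secalert@redhat.com`. Consumers that use `ASSIGNER` to attribute a record to its CNA will see a provenance change that is easy to miss among the formatting churn, so it would be better carried in a commit separate from the formatting pass. The reference entries appear to be the same seven as before in a different order; emitting them in a stable order (for example sorted by `refsource`, then `name`) would keep future diffs limited to real changes. The new side also drops the final newline (`\ No newline at end of file`), here and in the other files of this diff.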
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://vuln.sg/cuteftp820-en.html", - "refsource" : "MISC", - "url" : "http://vuln.sg/cuteftp820-en.html" - }, - { - "name" : "ADV-2008-1653", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1653/references" - }, - { - "name" : "1020113", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020113" - }, - { - "name" : "29760", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29760" - }, - { - "name" : "cuteftp-list-directory-traversal(42633)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\\ (dot dot backslash) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cuteftp-list-directory-traversal(42633)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42633" + }, + { + "name": "http://vuln.sg/cuteftp820-en.html", + "refsource": "MISC", + "url": "http://vuln.sg/cuteftp820-en.html" + }, + { + "name": "29760", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29760" + }, + { + "name": "1020113", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020113" + }, + { + "name": "ADV-2008-1653", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1653/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6288.json b/2008/6xxx/CVE-2008-6288.json index cbcda4dc763..76487a6f8a0 100644 --- a/2008/6xxx/CVE-2008-6288.json +++ b/2008/6xxx/CVE-2008-6288.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6126", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6126" - }, - { - "name" : "30362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30362" - }, - { - "name" : "31210", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31210" - }, - { - "name" : "ibase-download-directory-traversal(43983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in download.php in Interface Medien ibase 2.03 and earlier allows remote 
attackers to read arbitrary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30362" + }, + { + "name": "ibase-download-directory-traversal(43983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43983" + }, + { + "name": "31210", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31210" + }, + { + "name": "6126", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6126" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6394.json b/2008/6xxx/CVE-2008-6394.json index 906708ab9bf..228258307e2 100644 --- a/2008/6xxx/CVE-2008-6394.json +++ b/2008/6xxx/CVE-2008-6394.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080902 CS-Cart <= 1.3.5 SQL Injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495907/100/0/threaded" - }, - { - "name" : "6352", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6352" - }, - { - "name" : "http://www.gulftech.org/?node=research&article_id=00128-09022008", - "refsource" : "MISC", - "url" : "http://www.gulftech.org/?node=research&article_id=00128-09022008" - }, - { - "name" : "30979", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30979" - }, - { - "name" : "31686", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31686" - }, - { - "name" : "cscart-user-sql-injection(44852)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/44852" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6352", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6352" + }, + { + "name": "31686", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31686" + }, + { + "name": "http://www.gulftech.org/?node=research&article_id=00128-09022008", + "refsource": "MISC", + "url": "http://www.gulftech.org/?node=research&article_id=00128-09022008" + }, + { + "name": "20080902 CS-Cart <= 1.3.5 SQL Injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495907/100/0/threaded" + }, + { + "name": "cscart-user-sql-injection(44852)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44852" + }, + { + "name": "30979", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30979" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6720.json b/2008/6xxx/CVE-2008-6720.json index e9201669c19..2cdf57e1ca1 100644 --- a/2008/6xxx/CVE-2008-6720.json +++ b/2008/6xxx/CVE-2008-6720.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7024", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7024" - }, - { - "name" : "32163", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32163" - }, - { - "name" : "phplinks-admlogin-sql-injection(50392)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50392" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin 
field)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32163", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32163" + }, + { + "name": "phplinks-admlogin-sql-injection(50392)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50392" + }, + { + "name": "7024", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7024" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6759.json b/2008/6xxx/CVE-2008-6759.json index e146adb12ec..92d80f4df38 100644 --- a/2008/6xxx/CVE-2008-6759.json +++ b/2008/6xxx/CVE-2008-6759.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6759", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081229 ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499625/100/0/threaded" - }, - { - "name" : "33043", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33043" - }, - { - "name" : "53281", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/53281" - }, - { - "name" : "1021497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain 
sensitive information via a URL in the POST_DATA parameter to manuals_search.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53281", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/53281" + }, + { + "name": "20081229 ViArt Shopping Cart v3.5 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499625/100/0/threaded" + }, + { + "name": "1021497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021497" + }, + { + "name": "33043", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33043" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7141.json b/2008/7xxx/CVE-2008-7141.json index 3ddea132807..ba3670b7644 100644 --- a/2008/7xxx/CVE-2008-7141.json +++ b/2008/7xxx/CVE-2008-7141.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28520.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28520.html" - }, - { - "name" : "28520", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28520" - }, - { - "name" : "@lexpoll-setup-xss(41564)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in 
setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "@lexpoll-setup-xss(41564)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41564" + }, + { + "name": "28520", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28520" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28520.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28520.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1386.json b/2012/1xxx/CVE-2012-1386.json index d3b913ab7db..2bd8a50b38c 100644 --- a/2012/1xxx/CVE-2012-1386.json +++ b/2012/1xxx/CVE-2012-1386.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1386-vulnerability-in-YouMailVisualVoicemailPlus.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1386-vulnerability-in-YouMailVisualVoicemailPlus.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1386-vulnerability-in-YouMailVisualVoicemailPlus.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1386-vulnerability-in-YouMailVisualVoicemailPlus.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1562.json b/2012/1xxx/CVE-2012-1562.json index 3987dfc92e4..e98d62bc081 100644 --- a/2012/1xxx/CVE-2012-1562.json +++ b/2012/1xxx/CVE-2012-1562.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1562", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1562", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5026.json b/2012/5xxx/CVE-2012-5026.json index d6142a92061..68d26fed025 100644 --- a/2012/5xxx/CVE-2012-5026.json +++ b/2012/5xxx/CVE-2012-5026.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5026", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5026", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5497.json b/2012/5xxx/CVE-2012-5497.json index 4b296e4955b..3a2fa489822 100644 --- a/2012/5xxx/CVE-2012-5497.json +++ b/2012/5xxx/CVE-2012-5497.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/13", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/13" - }, - { 
- "name" : "RHSA-2014:1194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/13", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/13" + }, + { + "name": "RHSA-2014:1194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5811.json b/2012/5xxx/CVE-2012-5811.json index d37c160a40c..8421f5422b3 100644 --- a/2012/5xxx/CVE-2012-5811.json +++ b/2012/5xxx/CVE-2012-5811.json 
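Review bot: The assigner change on the `"ASSIGNER": "secalert@redhat.com",` line (previously `cve@mitre.org`) is easy to miss, because the rest of this hunk only re-indents the record and reorders the entries of `reference_data`. A change of the assigning CNA affects how consumers attribute and route the record, so it would be better carried in its own commit, or named explicitly in the commit message if it is not already. The new side also ends with `\ No newline at end of file`, as do the other records in this diff; keeping the final newline after the closing `}` would avoid a spurious one-line change the next time a tool rewrites these files.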
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11565.json b/2017/11xxx/CVE-2017-11565.json index 04f019c95f1..c026d1ffdb2 100644 --- a/2017/11xxx/CVE-2017-11565.json +++ b/2017/11xxx/CVE-2017-11565.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/869153", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/869153" - }, - { - "name" : "99933", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99933" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99933", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99933" + }, + { + "name": "https://bugs.debian.org/869153", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/869153" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/11xxx/CVE-2017-11574.json b/2017/11xxx/CVE-2017-11574.json
index 4a29238df8a..522c4aff55e 100644
--- a/2017/11xxx/CVE-2017-11574.json
+++ b/2017/11xxx/CVE-2017-11574.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fontforge/fontforge/issues/3090", - "refsource" : "MISC", - "url" : "https://github.com/fontforge/fontforge/issues/3090" - }, - { - "name" : "DSA-3958", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontForge 20161012 is vulnerable to a heap-based buffer overflow in readcffset (parsettf.c) resulting in DoS or code execution via a crafted otf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fontforge/fontforge/issues/3090", + "refsource": "MISC", + "url": "https://github.com/fontforge/fontforge/issues/3090" + }, + { + "name": "DSA-3958", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3958" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11675.json b/2017/11xxx/CVE-2017-11675.json index bc0f2bb41ef..d2b1a22dce9 100644 --- a/2017/11xxx/CVE-2017-11675.json +++ b/2017/11xxx/CVE-2017-11675.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce", - "refsource" : "MISC", - "url" : "https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to 
execute arbitrary PHP code by placing that code into an invalid array index of the admin_name array parameter to admin_dir/login.php, if there is an export of an error-log entry for that invalid array index." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce", + "refsource": "MISC", + "url": "https://github.com/imp0wd3r/vuln-papers/tree/master/zencart-155e-auth-rce" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11760.json b/2017/11xxx/CVE-2017-11760.json index 09489d9e6f3..76d892df011 100644 --- a/2017/11xxx/CVE-2017-11760.json +++ b/2017/11xxx/CVE-2017-11760.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://track.projeqtor.org/view/main.php?directAccess=true&objectClass=Ticket&objectId=2884", - "refsource" : "CONFIRM", - "url" : "https://track.projeqtor.org/view/main.php?directAccess=true&objectClass=Ticket&objectId=2884" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://track.projeqtor.org/view/main.php?directAccess=true&objectClass=Ticket&objectId=2884", + "refsource": "CONFIRM", + "url": "https://track.projeqtor.org/view/main.php?directAccess=true&objectClass=Ticket&objectId=2884" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15160.json b/2017/15xxx/CVE-2017-15160.json index a811e486fd0..bf46e5825e4 100644 --- a/2017/15xxx/CVE-2017-15160.json +++ b/2017/15xxx/CVE-2017-15160.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15160", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15160", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15229.json b/2017/15xxx/CVE-2017-15229.json index bc0164723e9..f3f810b2135 100644 --- a/2017/15xxx/CVE-2017-15229.json +++ b/2017/15xxx/CVE-2017-15229.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15229",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15229",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15515.json b/2017/15xxx/CVE-2017-15515.json
index 9a651e8da20..63a7b1553c3 100644
--- a/2017/15xxx/CVE-2017-15515.json
+++ b/2017/15xxx/CVE-2017-15515.json
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@netapp.com", - "DATE_PUBLIC" : "2019-03-04T00:00:00", - "ID" : "CVE-2017-15515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SnapCenter Server", - "version" : { - "version_data" : [ - { - "version_value" : "Versions prior to 4.0" - } - ] - } - } - ] - }, - "vendor_name" : "NetApp" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@netapp.com", + "DATE_PUBLIC": "2019-03-04T00:00:00", + "ID": "CVE-2017-15515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SnapCenter Server", + "version": { + "version_data": [ + { + "version_value": "Versions prior to 4.0" + } + ] + } + } + ] + }, + "vendor_name": "NetApp" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://security.netapp.com/advisory/ntap-20190304-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190304-0002/" - }, - { - "name" : "107272", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107272" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could 
allow a privileged user to inject arbitrary scripts into the custom secondary policy label field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "107272", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107272" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190304-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190304-0002/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15936.json b/2017/15xxx/CVE-2017-15936.json index d4b0ebb75a8..7cd9dbf6a6e 100644 --- a/2017/15xxx/CVE-2017-15936.json +++ b/2017/15xxx/CVE-2017-15936.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3186.json b/2017/3xxx/CVE-2017-3186.json index ddcbed8c9cc..0132c65be2f 100644 --- a/2017/3xxx/CVE-2017-3186.json +++ b/2017/3xxx/CVE-2017-3186.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ACTi D, B, I, and E series cameras", - "version" : { - "version_data" : [ - { - "version_value" : "A1D-500-V6.11.31-AC" - } - ] - } - } - ] - }, - "vendor_name" : "ACTi Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-521: Weak Password Requirements" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ACTi D, B, I, and E series cameras", + "version": { + "version_data": [ + { + "version_value": "A1D-500-V6.11.31-AC" + } + ] + } + } + ] + }, + "vendor_name": "ACTi Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/Hfuhs/status/839252357221330944", - "refsource" : "MISC", - "url" : "https://twitter.com/Hfuhs/status/839252357221330944" - }, - { - "name" : "https://twitter.com/hack3rsca/status/839599437907386368", - "refsource" : "MISC", - "url" : "https://twitter.com/hack3rsca/status/839599437907386368" - }, - { - "name" : "VU#355151", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/355151" - }, - { - "name" : "96720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96720/info" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-521: Weak Password Requirements" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/hack3rsca/status/839599437907386368", + "refsource": "MISC", + "url": "https://twitter.com/hack3rsca/status/839599437907386368" + }, + { + "name": "96720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96720/info" + }, + { + "name": "https://twitter.com/Hfuhs/status/839252357221330944", + "refsource": "MISC", + "url": "https://twitter.com/Hfuhs/status/839252357221330944" + }, + { + "name": "VU#355151", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/355151" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3785.json b/2017/3xxx/CVE-2017-3785.json index fb1a627692b..cb78d3f188f 100644 --- a/2017/3xxx/CVE-2017-3785.json +++ b/2017/3xxx/CVE-2017-3785.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-3785",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-3785",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3887.json b/2017/3xxx/CVE-2017-3887.json
index 39f6b722277..5cd4c710164 100644
--- a/2017/3xxx/CVE-2017-3887.json
+++ b/2017/3xxx/CVE-2017-3887.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Detection Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Detection Engine" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Detection Engine", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Detection Engine" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1" - }, - { - "name" : "97453", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97453", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97453" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cfpw1" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8045.json b/2017/8xxx/CVE-2017-8045.json index e4c374aea26..c367086f1f4 100644 --- a/2017/8xxx/CVE-2017-8045.json +++ b/2017/8xxx/CVE-2017-8045.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8045", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7", - "version" : { - "version_data" : [ - { - "version_value" : "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7", + "version": { + "version_data": [ + { + "version_value": "Spring AMQP Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-8045", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-8045" - }, - { - "name" : "100936", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an org.springframework.amqp.core.Message may be unsafely deserialized when being converted into a string. A malicious payload could be crafted to exploit this and enable a remote code execution attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2017-8045", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-8045" + }, + { + "name": "100936", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100936" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8075.json b/2017/8xxx/CVE-2017-8075.json index 26e270a97b2..21c6efde125 100644 --- a/2017/8xxx/CVE-2017-8075.json +++ b/2017/8xxx/CVE-2017-8075.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8075",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from \"Switch Info\" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8075",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/",
- "refsource" : "MISC",
- "url" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/"
- },
- {
- "name" : "97983",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97983"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from \"Switch Info\" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/",
+ "refsource": "MISC",
+ "url": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/"
+ },
+ {
+ "name": "97983",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97983"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8099.json b/2017/8xxx/CVE-2017-8099.json
index f328030fbe8..7069139c2df 100644
--- a/2017/8xxx/CVE-2017-8099.json
+++ b/2017/8xxx/CVE-2017-8099.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8099",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8099",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://seclists.org/fulldisclosure/2017/Apr/41",
- "refsource" : "MISC",
- "url" : "http://seclists.org/fulldisclosure/2017/Apr/41"
- },
- {
- "name" : "https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt",
- "refsource" : "MISC",
- "url" : "https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://seclists.org/fulldisclosure/2017/Apr/41",
+ "refsource": "MISC",
+ "url": "http://seclists.org/fulldisclosure/2017/Apr/41"
+ },
+ {
+ "name": "https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt",
+ "refsource": "MISC",
+ "url": "https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8118.json b/2017/8xxx/CVE-2017-8118.json
index 997959ea789..7d1e91a00f4 100644
--- a/2017/8xxx/CVE-2017-8118.json
+++ b/2017/8xxx/CVE-2017-8118.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "UMA", - "version" : { - "version_data" : [ - { - "version_value" : "V200R001 and V300R001" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "leak vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UMA", + "version": { + "version_data": [ + { + "version_value": "V200R001 and V300R001" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The UMA product with software V200R001 and V300R001 has an information leak vulnerability. 
An attacker could exploit them to obtain some sensitive information, causing information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "leak vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8190.json b/2017/8xxx/CVE-2017-8190.json index 47460a589f6..50931b4f830 100644 --- a/2017/8xxx/CVE-2017-8190.json +++ b/2017/8xxx/CVE-2017-8190.json 
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@huawei.com",
- "DATE_PUBLIC" : "2017-11-15T00:00:00",
- "ID" : "CVE-2017-8190",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "FusionSphere OpenStack",
- "version" : {
- "version_data" : [
- {
- "version_value" : "V100R006C00SPC102(NFV)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Huawei Technologies Co., Ltd."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "improper verification of cryptographic signature"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@huawei.com",
+ "DATE_PUBLIC": "2017-11-15T00:00:00",
+ "ID": "CVE-2017-8190",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FusionSphere OpenStack",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "V100R006C00SPC102(NFV)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Huawei Technologies Co., Ltd."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
- "refsource" : "CONFIRM",
- "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "improper verification of cryptographic signature"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
+ "refsource": "CONFIRM",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10653.json b/2018/10xxx/CVE-2018-10653.json
index 401b9449e36..98d5326fbae 100644
--- a/2018/10xxx/CVE-2018-10653.json
+++ b/2018/10xxx/CVE-2018-10653.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10653",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10653",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.citrix.com/article/CTX234879",
- "refsource" : "CONFIRM",
- "url" : "https://support.citrix.com/article/CTX234879"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://support.citrix.com/article/CTX234879",
+ "refsource": "CONFIRM",
+ "url": "https://support.citrix.com/article/CTX234879"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12031.json b/2018/12xxx/CVE-2018-12031.json
index 9326329208c..906e94644b4 100644
--- a/2018/12xxx/CVE-2018-12031.json
+++ b/2018/12xxx/CVE-2018-12031.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12031",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12031",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion",
- "refsource" : "MISC",
- "url" : "https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion",
+ "refsource": "MISC",
+ "url": "https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12179.json b/2018/12xxx/CVE-2018-12179.json
index c770892798b..72c1118eced 100644
--- a/2018/12xxx/CVE-2018-12179.json
+++ b/2018/12xxx/CVE-2018-12179.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12179",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12179",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12268.json b/2018/12xxx/CVE-2018-12268.json
index a685ab074cd..8f6bddb7d35 100644
--- a/2018/12xxx/CVE-2018-12268.json
+++ b/2018/12xxx/CVE-2018-12268.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12268",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12268",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://b3n7s.github.io/acccheck-command-injection.html",
- "refsource" : "MISC",
- "url" : "http://b3n7s.github.io/acccheck-command-injection.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "acccheck.pl in acccheck 0.2.1 allows Command Injection via shell metacharacters in a username or password file, as demonstrated by injection into an smbclient command line."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://b3n7s.github.io/acccheck-command-injection.html",
+ "refsource": "MISC",
+ "url": "http://b3n7s.github.io/acccheck-command-injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12426.json b/2018/12xxx/CVE-2018-12426.json
index 1bee2b809d6..ab751ed63c9 100644
--- a/2018/12xxx/CVE-2018-12426.json
+++ b/2018/12xxx/CVE-2018-12426.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt", - "refsource" : "MISC", - "url" : "https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt" - }, - { - "name" : "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426", - "refsource" : "MISC", - "url" : "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code 
Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the image/jpeg content type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426", + "refsource": "MISC", + "url": "https://github.com/RiieCco/write-ups/tree/master/CVE-2018-12426" + }, + { + "name": "https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt", + "refsource": "MISC", + "url": "https://github.com/CodeCabin/wp-live-chat-support/blob/master/readme.txt" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12623.json b/2018/12xxx/CVE-2018-12623.json index ab3974ab405..0bd7aae2195 100644 --- a/2018/12xxx/CVE-2018-12623.json +++ b/2018/12xxx/CVE-2018-12623.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12623",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12623",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12743.json b/2018/12xxx/CVE-2018-12743.json
index e852922c1ba..8c4b9e9371f 100644
--- a/2018/12xxx/CVE-2018-12743.json
+++ b/2018/12xxx/CVE-2018-12743.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12743",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12743",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13336.json b/2018/13xxx/CVE-2018-13336.json
index c38f29d2637..49d34883970 100644
--- a/2018/13xxx/CVE-2018-13336.json
+++ b/2018/13xxx/CVE-2018-13336.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13336",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the \"pwd\" parameter during user creation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13336",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a",
- "refsource" : "MISC",
- "url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "System command injection in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute system commands via the \"pwd\" parameter during user creation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a",
+ "refsource": "MISC",
+ "url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13436.json b/2018/13xxx/CVE-2018-13436.json
index fe27496f391..e8e36d936fc 100644
--- a/2018/13xxx/CVE-2018-13436.json
+++ b/2018/13xxx/CVE-2018-13436.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13436",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13436",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13720.json b/2018/13xxx/CVE-2018-13720.json
index 55e75ff9ff9..215b61f3ce0 100644
--- a/2018/13xxx/CVE-2018-13720.json
+++ b/2018/13xxx/CVE-2018-13720.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13720",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13720",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Antoken",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Antoken"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for Antoken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Antoken",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Antoken"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13982.json b/2018/13xxx/CVE-2018-13982.json
index 805cb3727a4..6a1e9007e42 100644
--- a/2018/13xxx/CVE-2018-13982.json
+++ b/2018/13xxx/CVE-2018-13982.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13982",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13982",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal",
- "refsource" : "MISC",
- "url" : "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal"
- },
- {
- "name" : "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50"
- },
- {
- "name" : "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe"
- },
- {
- "name" : "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531"
- },
- {
- "name" : "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1"
- },
- {
- "name" : "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50"
+ },
+ {
+ "name": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8"
+ },
+ {
+ "name": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1"
+ },
+ {
+ "name": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe"
+ },
+ {
+ "name": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531"
+ },
+ {
+ "name": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal",
+ "refsource": "MISC",
+ "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16000.json b/2018/16xxx/CVE-2018-16000.json
index 062a1b1c51d..bf39f48e117 100644
--- a/2018/16xxx/CVE-2018-16000.json
+++ b/2018/16xxx/CVE-2018-16000.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-16000",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-16000",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
- },
- {
- "name" : "106172",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/106172"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
+ },
+ {
+ "name": "106172",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/106172"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16823.json b/2018/16xxx/CVE-2018-16823.json
index 2d514910db0..e87430382eb 100644
--- a/2018/16xxx/CVE-2018-16823.json
+++ b/2018/16xxx/CVE-2018-16823.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16823",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16823",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16921.json b/2018/16xxx/CVE-2018-16921.json
index 09a8537d25e..b413185c2aa 100644
--- a/2018/16xxx/CVE-2018-16921.json
+++ b/2018/16xxx/CVE-2018-16921.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16921",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16921",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/16xxx/CVE-2018-16941.json b/2018/16xxx/CVE-2018-16941.json
index 1caaa65dd23..41f2c6caf2e 100644
--- a/2018/16xxx/CVE-2018-16941.json
+++ b/2018/16xxx/CVE-2018-16941.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16941",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16941",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17000.json b/2018/17xxx/CVE-2018-17000.json
index 422b0ce4c43..cc70627254e 100644
--- a/2018/17xxx/CVE-2018-17000.json
+++ b/2018/17xxx/CVE-2018-17000.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17000",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17000",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
- },
- {
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2811",
- "refsource" : "MISC",
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2811"
- },
- {
- "name" : "USN-3906-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3906-1/"
- },
- {
- "name" : "105342",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105342"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2811",
+ "refsource": "MISC",
+ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2811"
+ },
+ {
+ "name": "105342",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105342"
+ },
+ {
+ "name": "USN-3906-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3906-1/"
+ },
+ {
+ "name": "[debian-lts-announce] 20190218 [SECURITY] [DLA 1680-1] tiff security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00026.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17155.json b/2018/17xxx/CVE-2018-17155.json
index 5c8b61b836d..b60544da8de 100644
--- a/2018/17xxx/CVE-2018-17155.json
+++ b/2018/17xxx/CVE-2018-17155.json
@@ -1,69 +1,69 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "secteam@freebsd.org",
- "DATE_PUBLIC" : "2018-09-27T00:00:00",
- "ID" : "CVE-2018-17155",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "FreeBSD",
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.2 before 11.2-RELEASE-p4"
- },
- {
- "version_value" : "11.1 before 11.1-RELEASE-p15"
- },
- {
- "version_value" : "10.x before 10.4-RELEASE-p13"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "FreeBSD"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Kernel memory disclosure"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secteam@freebsd.org",
+ "DATE_PUBLIC": "2018-09-27T00:00:00",
+ "ID": "CVE-2018-17155",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.2 before 11.2-RELEASE-p4"
+ },
+ {
+ "version_value": "11.1 before 11.1-RELEASE-p15"
+ },
+ {
+ "version_value": "10.x before 10.4-RELEASE-p13"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "FreeBSD"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc",
- "refsource" : "CONFIRM",
- "url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Kernel memory disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc",
+ "refsource": "CONFIRM",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:12.mem.asc"
+ }
+ ]
+ }
+}
\ No newline at end of file