diff --git a/2004/0xxx/CVE-2004-0039.json b/2004/0xxx/CVE-2004-0039.json index dc73389b792..e6442407734 100644 --- a/2004/0xxx/CVE-2004-0039.json +++ b/2004/0xxx/CVE-2004-0039.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/162" - }, - { - "name" : "20040205 Two checkpoint fw-1/vpn-1 vulns", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107604682227031&w=2" - }, - { - "name" : "http://www.checkpoint.com/techsupport/alerts/security_server.html", - "refsource" : "CONFIRM", - "url" : "http://www.checkpoint.com/techsupport/alerts/security_server.html" - }, - { - "name" : "TA04-036A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-036A.html" - }, - { - "name" : "VU#790771", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/790771" - }, - { - "name" : "O-072", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-072.shtml" - }, - { - "name" : "fw1-format-string(14149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149" - }, - { - "name" : "9581", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9581" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/162" + }, + { + "name": "VU#790771", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/790771" + }, + { + "name": "20040205 Two checkpoint fw-1/vpn-1 vulns", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107604682227031&w=2" + }, + { + "name": "fw1-format-string(14149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14149" + }, + { + "name": "O-072", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-072.shtml" + }, + { + "name": "http://www.checkpoint.com/techsupport/alerts/security_server.html", + "refsource": "CONFIRM", + "url": "http://www.checkpoint.com/techsupport/alerts/security_server.html" + }, + { + "name": "9581", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9581" + }, + { + "name": "TA04-036A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-036A.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0219.json b/2004/0xxx/CVE-2004-0219.json index c2f297b0f73..a5d2c566a1c 100644 --- a/2004/0xxx/CVE-2004-0219.json +++ b/2004/0xxx/CVE-2004-0219.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108008530028019&w=2" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0018.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0018.html" - }, - { - "name" : "20040317 015: RELIABILITY FIX: March 17, 2004", - "refsource" : "OPENBSD", - "url" : "http://www.openbsd.org/errata.html" - }, - { - "name" : "VU#785945", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/785945" - }, - { - "name" : "9907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9907" - }, - { - "name" : "1009468", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" - }, - { - "name" : "openbsd-isakmp-ipsec-dos(15628)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openbsd-isakmp-ipsec-dos(15628)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15628" + }, + { + "name": "1009468", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/Mar/1009468.html" + }, + { + "name": "9907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9907" + }, + { + "name": "20040317 015: RELIABILITY FIX: March 17, 2004", + "refsource": "OPENBSD", + "url": "http://www.openbsd.org/errata.html" + }, + { + "name": "20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108008530028019&w=2" + }, + { + "name": "VU#785945", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/785945" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0018.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0018.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0237.json b/2004/0xxx/CVE-2004-0237.json index 73c783f530f..6a5c9f9cfbf 100644 --- a/2004/0xxx/CVE-2004-0237.json +++ b/2004/0xxx/CVE-2004-0237.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040131 Directory Traversal in Aprox PHP Portal.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107577555527321&w=2" - }, - { - "name" : "9540", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9540" - }, - { - "name" : "10859", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10859" - }, - { - "name" : "1008915", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008915" - }, - { - "name" : "aproxphpportal-index-directory-traversal(15014)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15014" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "aproxphpportal-index-directory-traversal(15014)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15014" + }, + { + "name": "1008915", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008915" + }, + { + "name": "10859", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10859" + }, + { + "name": "9540", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9540" + }, + { + "name": "20040131 Directory Traversal in Aprox PHP Portal.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107577555527321&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0417.json b/2004/0xxx/CVE-2004-0417.json index 4176fa2a221..f33a4c6963e 100644 --- a/2004/0xxx/CVE-2004-0417.json +++ b/2004/0xxx/CVE-2004-0417.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0417", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0417", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040609 Advisory 09/2004: More CVS remote vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html" - }, - { - "name" : "http://security.e-matters.de/advisories/092004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/092004.html" - }, - { - "name" : "DSA-519", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-519" - }, - { - "name" : "GLSA-200406-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200406-06.xml" - }, - { - "name" : "RHSA-2004:233", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-233.html" - }, - { - "name" : "MDKSA-2004:058", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058" - }, - { - "name" : "20040605-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" - }, - { - "name" : "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108716553923643&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:1001", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001" - }, - { - "name" : "oval:org.mitre.oval:def:11145", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the \"Max-dotdot\" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:11145", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11145" + }, + { + "name": "DSA-519", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-519" + }, + { + "name": "http://security.e-matters.de/advisories/092004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/092004.html" + }, + { + "name": "20040605-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" + }, + { + "name": "20040611 [OpenPKG-SA-2004.027] OpenPKG Security Advisory (cvs)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108716553923643&w=2" + }, + { + "name": "RHSA-2004:233", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-233.html" + }, + { + "name": "MDKSA-2004:058", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:058" + }, + { + "name": "GLSA-200406-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200406-06.xml" + }, + { + "name": "oval:org.mitre.oval:def:1001", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1001" + }, + { + "name": "20040609 Advisory 09/2004: More CVS remote vulnerabilities", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1010.json b/2004/1xxx/CVE-2004-1010.json index e3e9d9e797c..30060741921 100644 --- a/2004/1xxx/CVE-2004-1010.json +++ b/2004/1xxx/CVE-2004-1010.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1010", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041103 [HV-MED] Zip/Linux long path buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109958840611053&w=2" - }, - { - "name" : "20041103 [HV-MED] Zip/Linux long path buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html" - }, - { - "name" : "http://www.hexview.com/docs/20041103-1.txt", - "refsource" : "MISC", - "url" : "http://www.hexview.com/docs/20041103-1.txt" - }, - { - "name" : "http://www.info-zip.org/FAQ.html", - "refsource" : "CONFIRM", - "url" : "http://www.info-zip.org/FAQ.html" - }, - { - "name" : "DSA-624", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-624" - }, - { - "name" : "FLSA:2255", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2255" - }, - { - "name" : "GLSA-200411-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200411-16.xml" - }, - { - "name" : "MDKSA-2004:141", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:141" - }, - { - "name" : "RHSA-2004:634", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-634.html" - }, - { - "name" : "TLSA-2005-18", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/2005/TLSA-2005-18.txt" - }, - { - "name" : "USN-18-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/18-1/" - }, - { - "name" : "P-072", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-072.shtml" - }, - { - "name" : "11603", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11603" - }, - { - "name" : "oval:org.mitre.oval:def:9848", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848" - }, - { - "name" : "13094", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13094/" - }, - { - "name" : "infozip-compressed-folder-bo(17956)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11603", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11603" + }, + { + "name": "P-072", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-072.shtml" + }, + { + "name": "oval:org.mitre.oval:def:9848", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848" + }, + { + "name": "infozip-compressed-folder-bo(17956)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17956" + }, + { + "name": "http://www.info-zip.org/FAQ.html", + "refsource": "CONFIRM", + "url": "http://www.info-zip.org/FAQ.html" + }, + { + "name": "http://www.hexview.com/docs/20041103-1.txt", + "refsource": "MISC", + "url": "http://www.hexview.com/docs/20041103-1.txt" + }, + { + "name": "FLSA:2255", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2255" + }, + { + "name": "TLSA-2005-18", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/2005/TLSA-2005-18.txt" + }, + { + "name": "DSA-624", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-624" + }, + { + "name": "GLSA-200411-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200411-16.xml" + }, + { + "name": "RHSA-2004:634", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-634.html" + }, + { + "name": "13094", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13094/" + }, + { + "name": "MDKSA-2004:141", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:141" + }, + { + "name": "USN-18-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/18-1/" + }, + { + "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html" + }, + { + "name": "20041103 [HV-MED] Zip/Linux long path buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109958840611053&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1022.json b/2004/1xxx/CVE-2004-1022.json index 83ff507334c..e97db50ef8d 100644 --- a/2004/1xxx/CVE-2004-1022.json +++ b/2004/1xxx/CVE-2004-1022.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110304957607578&w=2" - }, - { - "name" : "kerio-weak-encryption(18470)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110304957607578&w=2" + }, + { + "name": "kerio-weak-encryption(18470)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1280.json b/2004/1xxx/CVE-2004-1280.json index b1ff35090bb..ebcbce6bfc5 100644 --- a/2004/1xxx/CVE-2004-1280.json +++ b/2004/1xxx/CVE-2004-1280.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/junkie.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/junkie.txt" - }, - { - "name" : "junkie-command-execution(18567)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18567" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "junkie-command-execution(18567)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18567" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/junkie.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/junkie.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1971.json b/2004/1xxx/CVE-2004-1971.json index 28017d2b41c..c7d5616f1b5 100644 --- a/2004/1xxx/CVE-2004-1971.json +++ b/2004/1xxx/CVE-2004-1971.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040426 Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108308660628557&w=2" - }, - { - "name" : "video-gallery-error-path-disclosure(15978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040426 Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108308660628557&w=2" + }, + { + "name": "video-gallery-error-path-disclosure(15978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15978" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2344.json b/2008/2xxx/CVE-2008-2344.json index 69f2077abd1..a85e2a18531 100644 --- a/2008/2xxx/CVE-2008-2344.json +++ b/2008/2xxx/CVE-2008-2344.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2344", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2344", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/" - }, - { - "name" : "airfilemanager-unspecified-xss(42448)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42448" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "airfilemanager-unspecified-xss(42448)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42448" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2398.json b/2008/2xxx/CVE-2008-2398.json index 980afea4005..20c636796c2 100644 --- a/2008/2xxx/CVE-2008-2398.json +++ b/2008/2xxx/CVE-2008-2398.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2398", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080520 AppServ Open Project < = 2.5.10 Remote XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492271/100/0/threaded" - }, - { - "name" : "29291", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29291" - }, - { - "name" : "30333", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30333" - }, - { - "name" : "3896", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3896" - }, - { - "name" : "appserv-index-xss(42546)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30333", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30333" + }, + { + "name": "appserv-index-xss(42546)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42546" + }, + { + "name": "20080520 AppServ Open Project < = 2.5.10 Remote XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492271/100/0/threaded" + }, + { + "name": "3896", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3896" + }, + { + "name": "29291", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29291" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2614.json b/2008/2xxx/CVE-2008-2614.json index 9c62cdcb996..4f69684c395 100644 --- a/2008/2xxx/CVE-2008-2614.json +++ b/2008/2xxx/CVE-2008-2614.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020494", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020494" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "1020494", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020494" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2899.json b/2008/2xxx/CVE-2008-2899.json index e667ba61a06..537662235ce 100644 --- a/2008/2xxx/CVE-2008-2899.json +++ b/2008/2xxx/CVE-2008-2899.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=608171", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=608171" - }, - { - "name" : "29885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29885" - }, - { - "name" : "30703", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30703" - }, - { - "name" : "j00leancms-page-unspecified(43288)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "j00leancms-page-unspecified(43288)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43288" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=608171", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=608171" + }, + { + "name": "29885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29885" + }, + { + "name": "30703", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30703" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2960.json b/2008/2xxx/CVE-2008-2960.json index 5268bde2e44..db61529ffb0 100644 --- a/2008/2xxx/CVE-2008-2960.json +++ b/2008/2xxx/CVE-2008-2960.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080716 Re: CVE request: phpmyadmin < 2.11.7.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/07/16/11" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4" - }, - { - "name" : "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0", - "refsource" : "CONFIRM", - "url" : "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0" - }, - { - "name" : "MDVSA-2008:131", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:131" - }, - { - "name" : "SUSE-SR:2009:003", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" - }, - { - "name" : "ADV-2008-1904", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1904/references" - }, - { - "name" : "30813", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30813" - }, - { - "name" : "30816", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30816" - }, - { - "name" : "33822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33822" - }, - { - "name" : "phpmyadmin-libraryfiles-xss(43320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpmyadmin-libraryfiles-xss(43320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43320" + }, + { + "name": "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0" + }, + { + "name": "SUSE-SR:2009:003", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" + }, + { + "name": "30813", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30813" + }, + { + "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4", + "refsource": "CONFIRM", + "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4" + }, + { + "name": "30816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30816" + }, + { + "name": "ADV-2008-1904", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1904/references" + }, + { + "name": "33822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33822" + }, + { + "name": "[oss-security] 20080716 Re: CVE request: phpmyadmin < 2.11.7.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/07/16/11" + }, + { + "name": "MDVSA-2008:131", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:131" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3234.json b/2008/3xxx/CVE-2008-3234.json index 2eff71470f6..754b6f260eb 100644 --- a/2008/3xxx/CVE-2008-3234.json +++ b/2008/3xxx/CVE-2008-3234.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6094", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6094" - }, - { - "name" : "30276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30276" - }, - { - "name" : "openssh-sshd-selinuxrole-unauth-access(44037)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openssh-sshd-selinuxrole-unauth-access(44037)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44037" + }, + { + "name": "6094", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6094" + }, + { + "name": "30276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30276" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3531.json b/2008/3xxx/CVE-2008-3531.json index 814756f14b7..44875f978cc 100644 --- a/2008/3xxx/CVE-2008-3531.json +++ b/2008/3xxx/CVE-2008-3531.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of \"user defined data\" in \"certain error conditions.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-08:08", - "refsource" : "FREEBSD", - "url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:08.nmount.asc" - }, - { - "name" : "31002", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31002" - }, - { - "name" : "1020816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020816" - }, - { - "name" : "freebsd-vfsmount-bo(45143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 and 7.1, when vfs.usermount is enabled, allows local users to gain privileges via a crafted (1) mount or (2) nmount system call, related to copying of \"user defined data\" in \"certain error conditions.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31002", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31002" + }, + { + "name": "1020816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020816" + }, + { + "name": "freebsd-vfsmount-bo(45143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45143" + }, + { + "name": "FreeBSD-SA-08:08", + "refsource": "FREEBSD", + "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:08.nmount.asc" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3600.json b/2008/3xxx/CVE-2008-3600.json index 4e66b959f8d..f60fc66d086 100644 --- a/2008/3xxx/CVE-2008-3600.json +++ b/2008/3xxx/CVE-2008-3600.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3600", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3600", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080808 [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495284/100/0/threaded" - }, - { - "name" : "6222", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6222" - }, - { - "name" : "http://gallery.menalto.com/gallery_1.5.8_released", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/gallery_1.5.8_released" - }, - { - "name" : "GLSA-200811-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200811-02.xml" - }, - { - "name" : "32662", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32662" - }, - { - "name" : "4142", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4142" - }, - { - "name" : "gallery-modules-file-include(44373)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200811-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml" + }, + { + "name": "http://gallery.menalto.com/gallery_1.5.8_released", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/gallery_1.5.8_released" + }, + { + "name": "32662", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32662" + }, + { + "name": "gallery-modules-file-include(44373)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44373" + }, + { + "name": "4142", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4142" + }, + { + "name": "20080808 [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495284/100/0/threaded" + }, + { + "name": "6222", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6222" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3807.json b/2008/3xxx/CVE-2008-3807.json index edf229de750..ef9706d6532 100644 --- a/2008/3xxx/CVE-2008-3807.json +++ b/2008/3xxx/CVE-2008-3807.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3807", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with \"private\" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-3807", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080924 Cisco uBR10012 Series Devices SNMP Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014b1.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5452", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5452" - }, - { - "name" : "1020941", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020941" - }, - { - "name" : "ADV-2008-2670", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2670" - }, - { - "name" : "31990", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with \"private\" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31990", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31990" + }, + { + "name": "oval:org.mitre.oval:def:5452", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5452" + }, + { + "name": "1020941", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020941" + }, + { + "name": "ADV-2008-2670", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2670" + }, + { + "name": "20080924 Cisco uBR10012 Series Devices SNMP Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a014b1.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4541.json b/2008/4xxx/CVE-2008-4541.json index 7b996c3268a..2d174a64d4a 100644 --- a/2008/4xxx/CVE-2008-4541.json +++ b/2008/4xxx/CVE-2008-4541.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081009 Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747" - }, - { - "name" : "242986", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1" - }, - { - "name" : "31691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31691" - }, - { - "name" : "ADV-2008-2781", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2781" - }, - { - "name" : "1021038", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1021038" - }, - { - "name" : "32227", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32227" - }, - { - "name" : "sun-webproxy-ftp-bo(45782)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sun-webproxy-ftp-bo(45782)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45782" + }, + { + "name": "31691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31691" + }, + { + "name": "32227", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32227" + }, + { + "name": "1021038", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1021038" + }, + { + "name": "ADV-2008-2781", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2781" + }, + { + "name": "20081009 Sun Java Web Proxy Server FTP Resource Handling Heap-Based Buffer Overflow", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=747" + }, + { + "name": "242986", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242986-1" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4872.json b/2008/4xxx/CVE-2008-4872.json index b945cac5569..e5262e9a0ce 100644 --- a/2008/4xxx/CVE-2008-4872.json +++ b/2008/4xxx/CVE-2008-4872.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "28780", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28780" - }, - { - "name" : "itechbids-bidhistory-xss(46320)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46320" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "itechbids-bidhistory-xss(46320)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46320" + }, + { + "name": "28780", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28780" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6333.json b/2008/6xxx/CVE-2008-6333.json index b15d737354e..4343d1e4f00 100644 --- a/2008/6xxx/CVE-2008-6333.json +++ b/2008/6xxx/CVE-2008-6333.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7541", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7541" - }, - { - "name" : "32962", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32962", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32962" + }, + { + "name": "7541", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7541" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6505.json b/2008/6xxx/CVE-2008-6505.json index 53ddfe34856..2eda99b8d55 100644 --- a/2008/6xxx/CVE-2008-6505.json +++ b/2008/6xxx/CVE-2008-6505.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.apache.org/struts/browse/WW-2779", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/struts/browse/WW-2779" - }, - { - "name" : "http://struts.apache.org/2.x/docs/s2-004.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/2.x/docs/s2-004.html" - }, - { - "name" : "32104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32104" - }, - { - "name" : "49733", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49733" - }, - { - "name" : "49734", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49734" - }, - { - "name" : "32497", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32497" - }, - { - "name" : "ADV-2008-3003", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://issues.apache.org/struts/browse/WW-2779", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/struts/browse/WW-2779" + }, + { + "name": "http://struts.apache.org/2.x/docs/s2-004.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/2.x/docs/s2-004.html" + }, + { + "name": "ADV-2008-3003", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3003" + }, + { + "name": "32497", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32497" + }, + { + "name": "32104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32104" + }, + { + "name": "49733", + "refsource": "OSVDB", + "url": "http://osvdb.org/49733" + }, + { + "name": "49734", + "refsource": "OSVDB", + "url": "http://osvdb.org/49734" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6803.json b/2008/6xxx/CVE-2008-6803.json index c4810edb068..6f4d10d9cfb 100644 --- a/2008/6xxx/CVE-2008-6803.json +++ b/2008/6xxx/CVE-2008-6803.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31849" - }, - { - "name" : "diziportali-diziler-sql-injection(46310)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46310" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "diziportali-diziler-sql-injection(46310)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46310" + }, + { + "name": "31849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31849" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6960.json b/2008/6xxx/CVE-2008-6960.json index 24981a74d55..5970112c24e 100644 --- a/2008/6xxx/CVE-2008-6960.json +++ b/2008/6xxx/CVE-2008-6960.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7074", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7074" - }, - { - "name" : "32227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32227" - }, - { - "name" : "49797", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49797" - }, - { - "name" : "32537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32537" - }, - { - "name" : "ADV-2008-3062", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3062" - }, - { - "name" : "x10automaticmp3-url-info-disclosure(46489)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7074", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7074" + }, + { + "name": "32227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32227" + }, + { + "name": "32537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32537" + }, + { + "name": "ADV-2008-3062", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3062" + }, + { + "name": "x10automaticmp3-url-info-disclosure(46489)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46489" + }, + { + "name": "49797", + "refsource": "OSVDB", + "url": "http://osvdb.org/49797" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6973.json b/2008/6xxx/CVE-2008-6973.json index c0a72978679..37fcc0ea067 100644 --- a/2008/6xxx/CVE-2008-6973.json +++ b/2008/6xxx/CVE-2008-6973.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm", - "refsource" : "CONFIRM", - "url" : "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24021397", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24021397" - }, - { - "name" : "LI74127", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1LI74127" - }, - { - "name" : "websphere-commerce-multiple-unspecified(53084)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "websphere-commerce-multiple-unspecified(53084)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53084" + }, + { + "name": "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm", + "refsource": "CONFIRM", + "url": "http://publib.boulder.ibm.com/infocenter/wchelp/v6r0m0/topic/com.ibm.commerce.admin.doc/refs/rig_new_and_changed.htm" + }, + { + "name": "LI74127", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LI74127" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24021397", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24021397" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7013.json b/2008/7xxx/CVE-2008-7013.json index aab8a8ac04a..834eab414bb 100644 --- a/2008/7xxx/CVE-2008-7013.json +++ b/2008/7xxx/CVE-2008-7013.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7013", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080914 Baidu Hi IM client software DoS bug, div zero make client crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496353/100/0/threaded" - }, - { - "name" : "51697", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080914 Baidu Hi IM client software DoS bug, div zero make client crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496353/100/0/threaded" + }, + { + "name": "51697", + "refsource": "OSVDB", + "url": "http://osvdb.org/51697" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7031.json b/2008/7xxx/CVE-2008-7031.json index 69b692bb31c..4d5fbc8bb44 100644 --- a/2008/7xxx/CVE-2008-7031.json +++ b/2008/7xxx/CVE-2008-7031.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/488366/100/200/threaded" - }, - { - "name" : "http://aluigi.org/adv/wachof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/wachof-adv.txt" - }, - { - "name" : "27873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/27873" - }, - { - "name" : "50997", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50997" - }, - { - "name" : "28272", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28272" - }, - { - "name" : "wacserver-ssh-bo(40608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wacserver-ssh-bo(40608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40608" + }, + { + "name": "50997", + "refsource": "OSVDB", + "url": "http://osvdb.org/50997" + }, + { + "name": "http://aluigi.org/adv/wachof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/wachof-adv.txt" + }, + { + "name": "27873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/27873" + }, + { + "name": "20080219 Two heap overflow in Foxit WAC Server 2.0 Build 3503", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/488366/100/200/threaded" + }, + { + "name": "28272", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28272" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2482.json b/2013/2xxx/CVE-2013-2482.json index 1438c5fd1b8..f33925cc0dd 100644 --- a/2013/2xxx/CVE-2013-2482.json +++ b/2013/2xxx/CVE-2013-2482.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html" - }, - { - "name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2013-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2013-17.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337" - }, - { - "name" : "openSUSE-SU-2013:0494", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" - }, - { - "name" : "openSUSE-SU-2013:0506", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" - }, - { - "name" : "oval:org.mitre.oval:def:16677", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16677" - }, - { - "name" : "52471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wireshark.org/security/wnpa-sec-2013-17.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2013-17.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.6.14.html" + }, + { + "name": "openSUSE-SU-2013:0494", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" + }, + { + "name": "52471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52471" + }, + { + "name": "oval:org.mitre.oval:def:16677", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16677" + }, + { + "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" + }, + { + "name": "openSUSE-SU-2013:0506", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11349.json b/2017/11xxx/CVE-2017-11349.json index ee5faa9132f..a3474702dd8 100644 --- a/2017/11xxx/CVE-2017-11349.json +++ b/2017/11xxx/CVE-2017-11349.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11349", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html", - "refsource" : "MISC", - "url" : "https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html" - }, - { - "name" : "https://twitter.com/nullku7/status/859238295959609344", - "refsource" : "MISC", - "url" : "https://twitter.com/nullku7/status/859238295959609344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs or schedules, for purposes such as sending e-mail messages or making outbound connections to FTP servers for uploading data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/nullku7/status/859238295959609344", + "refsource": "MISC", + "url": "https://twitter.com/nullku7/status/859238295959609344" + }, + { + "name": "https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html", + "refsource": "MISC", + "url": "https://nullku7.github.io/stuff/exposure/industrial/2017/05/02/Thermofisher-dataTaker.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11393.json b/2017/11xxx/CVE-2017-11393.json index d60c2fc17c5..eb8c927ba08 100644 --- a/2017/11xxx/CVE-2017-11393.json +++ b/2017/11xxx/CVE-2017-11393.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "DATE_PUBLIC" : "2017-07-20T00:00:00", - "ID" : "CVE-2017-11393", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "11, XG (12)" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Proxy Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "DATE_PUBLIC": "2017-07-20T00:00:00", + "ID": "CVE-2017-11393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "11, XG (12)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-522", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-522" - }, - { - "name" : "https://success.trendmicro.com/solution/1117769", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/solution/1117769" - }, - { - "name" : "100127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100127" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the tr parameter within Proxy.php. Formerly ZDI-CAN-4543." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Proxy Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1117769", + "refsource": "MISC", + "url": "https://success.trendmicro.com/solution/1117769" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-522", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-522" + }, + { + "name": "100127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100127" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11552.json b/2017/11xxx/CVE-2017-11552.json index 27dc8f45dfe..7f04730234c 100644 --- a/2017/11xxx/CVE-2017-11552.json +++ b/2017/11xxx/CVE-2017-11552.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42409", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42409/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/94", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/94" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870406" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/94", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/94" + }, + { + "name": "42409", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42409/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11725.json b/2017/11xxx/CVE-2017-11725.json index dcaf5a7aee7..bbe1aba451f 100644 --- a/2017/11xxx/CVE-2017-11725.json +++ b/2017/11xxx/CVE-2017-11725.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://thycotic.com/products/secret-server/resources/advisories/thy-ss-009/", - "refsource" : "CONFIRM", - "url" : "https://thycotic.com/products/secret-server/resources/advisories/thy-ss-009/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thycotic.com/products/secret-server/resources/advisories/thy-ss-009/", + "refsource": "CONFIRM", + "url": "https://thycotic.com/products/secret-server/resources/advisories/thy-ss-009/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14151.json b/2017/14xxx/CVE-2017-14151.json index e2558496a56..2fa914f26a8 100644 --- a/2017/14xxx/CVE-2017-14151.json +++ b/2017/14xxx/CVE-2017-14151.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14151", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14151", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9" - }, - { - "name" : "https://github.com/uclouvain/openjpeg/issues/982", - "refsource" : "MISC", - "url" : "https://github.com/uclouvain/openjpeg/issues/982" - }, - { - "name" : "DSA-4013", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4013" - }, - { - "name" : "100633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100633" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/uclouvain/openjpeg/issues/982", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/issues/982" + }, + { + "name": "DSA-4013", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4013" + }, + { + "name": "100633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100633" + }, + { + "name": "https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9", + "refsource": "MISC", + "url": "https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14317.json b/2017/14xxx/CVE-2017-14317.json index 98937f7adf0..6d139732135 100644 --- a/2017/14xxx/CVE-2017-14317.json +++ b/2017/14xxx/CVE-2017-14317.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14317", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14317", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-233.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-233.html" - }, - { - "name" : "DSA-4050", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4050" - }, - { - "name" : "100826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100826" - }, - { - "name" : "1039350", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it (including domain creation / destruction, ballooning, device changes, etc.)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039350", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039350" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-233.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-233.html" + }, + { + "name": "DSA-4050", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4050" + }, + { + "name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html" + }, + { + "name": "100826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100826" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14774.json b/2017/14xxx/CVE-2017-14774.json index 6271b04f4c6..c0688f3f70c 100644 --- a/2017/14xxx/CVE-2017-14774.json +++ b/2017/14xxx/CVE-2017-14774.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14774", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14774", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14863.json b/2017/14xxx/CVE-2017-14863.json index ad3c70fabb7..e55ef2cffcc 100644 --- a/2017/14xxx/CVE-2017-14863.json +++ b/2017/14xxx/CVE-2017-14863.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494443", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference was discovered in Exiv2::Image::printIFDStructure in image.cpp in Exiv2 0.26. The vulnerability causes a segmentation fault and application crash, which leads to denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494443" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15017.json b/2017/15xxx/CVE-2017-15017.json index dd91541338e..ea06ae21ac2 100644 --- a/2017/15xxx/CVE-2017-15017.json +++ b/2017/15xxx/CVE-2017-15017.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/723", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/723" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/723", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/723" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15028.json b/2017/15xxx/CVE-2017-15028.json index e90aeef2903..14cf95e4c7a 100644 --- a/2017/15xxx/CVE-2017-15028.json +++ b/2017/15xxx/CVE-2017-15028.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15028", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15028", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15068.json b/2017/15xxx/CVE-2017-15068.json index 99f98cd5fd7..14b73656f7b 100644 --- a/2017/15xxx/CVE-2017-15068.json +++ b/2017/15xxx/CVE-2017-15068.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15068", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15068", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15441.json b/2017/15xxx/CVE-2017-15441.json index 162304cfff1..3b091979c10 100644 --- a/2017/15xxx/CVE-2017-15441.json +++ b/2017/15xxx/CVE-2017-15441.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15441", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15441", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8224.json b/2017/8xxx/CVE-2017-8224.json index 98ab3bc2901..223032c22c8 100644 --- a/2017/8xxx/CVE-2017-8224.json +++ b/2017/8xxx/CVE-2017-8224.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Mar/23", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/23" - }, - { - "name" : "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#backdoor-account", - "refsource" : "MISC", - "url" : "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#backdoor-account" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#backdoor-account", + "refsource": "MISC", + "url": "https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#backdoor-account" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Mar/23", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/23" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8465.json b/2017/8xxx/CVE-2017-8465.json index e000821f306..4eebacd07a5 100644 --- a/2017/8xxx/CVE-2017-8465.json +++ b/2017/8xxx/CVE-2017-8465.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-8468." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465" - }, - { - "name" : "98843", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This CVE ID is unique from CVE-2017-8468." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8465" + }, + { + "name": "98843", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98843" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8614.json b/2017/8xxx/CVE-2017-8614.json index f0e4ab31c17..3e89a886d32 100644 --- a/2017/8xxx/CVE-2017-8614.json +++ b/2017/8xxx/CVE-2017-8614.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8614", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8614", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9298.json b/2017/9xxx/CVE-2017-9298.json index 80ffaa970cc..d61d831b2b3 100644 --- a/2017/9xxx/CVE-2017-9298.json +++ b/2017/9xxx/CVE-2017-9298.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9298", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9298", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9969.json b/2017/9xxx/CVE-2017-9969.json index dbaef4513ba..b2011e7b7bf 100644 --- a/2017/9xxx/CVE-2017-9969.json +++ b/2017/9xxx/CVE-2017-9969.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@se.com", - "DATE_PUBLIC" : "2018-02-12T00:00:00", - "ID" : "CVE-2017-9969", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@schneider-electric.com", + "DATE_PUBLIC": "2018-02-12T00:00:00", + "ID": "CVE-2017-9969", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03" - }, - { - "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/", - "refsource" : "CONFIRM", - "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/" - }, - { - "name" : "103046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in Schneider Electric's IGSS Mobile application version 3.01 and prior. Passwords are stored in clear text in the configuration which can result in exposure of sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103046" + }, + { + "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/", + "refsource": "CONFIRM", + "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000845.json b/2018/1000xxx/CVE-2018-1000845.json index 3d4ed6ed1ca..2e40e593a19 100644 --- a/2018/1000xxx/CVE-2018-1000845.json +++ b/2018/1000xxx/CVE-2018-1000845.json @@ -1,21 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.482962", - "DATE_REQUESTED" : "2018-11-13T20:17:58", - "ID" : "CVE-2018-1000845", - "REQUESTER" : "krzysztof@burghardt.pl", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-1000845", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultID: CVE-2017-6519. Reason: This candidate is a duplicate of CVE-2017-6519. Notes: All CVE users should reference CVE-2017-6519 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000877.json b/2018/1000xxx/CVE-2018-1000877.json index 13f8be713c2..ef1e1b893aa 100644 --- a/2018/1000xxx/CVE-2018-1000877.json +++ b/2018/1000xxx/CVE-2018-1000877.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-12-19T20:52:45.246062", - "DATE_REQUESTED" : "2018-12-13T08:59:54", - "ID" : "CVE-2018-1000877", - "REQUESTER" : "dja@axtens.net", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "libarchive", - "version" : { - "version_data" : [ - { - "version_value" : "commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards)" - } - ] - } - } - ] - }, - "vendor_name" : "libarchive" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-415: Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-12-19T20:52:45.246062", + "DATE_REQUESTED": "2018-12-13T08:59:54", + "ID": "CVE-2018-1000877", + "REQUESTER": "dja@axtens.net", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181221 [SECURITY] [DLA 1612-1] libarchive security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909" - }, - { - "name" : "https://github.com/libarchive/libarchive/pull/1105", - "refsource" : "MISC", - "url" : "https://github.com/libarchive/libarchive/pull/1105" - }, - { - "name" : "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31", - "refsource" : "MISC", - "url" : "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31" - }, - { - "name" : "DSA-4360", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4360" - }, - { - "name" : "USN-3859-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3859-1/" - }, - { - "name" : "106324", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3859-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3859-1/" + }, + { + "name": "[debian-lts-announce] 20181221 [SECURITY] [DLA 1612-1] libarchive security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00011.html" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909" + }, + { + "name": "DSA-4360", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4360" + }, + { + "name": "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31", + "refsource": "MISC", + "url": "https://github.com/libarchive/libarchive/pull/1105/commits/021efa522ad729ff0f5806c4ce53e4a6cc1daa31" + }, + { + "name": "https://github.com/libarchive/libarchive/pull/1105", + "refsource": "MISC", + "url": "https://github.com/libarchive/libarchive/pull/1105" + }, + { + "name": "106324", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106324" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12047.json b/2018/12xxx/CVE-2018-12047.json index bdf5905a6c3..06211f2afbc 100644 --- a/2018/12xxx/CVE-2018-12047.json +++ b/2018/12xxx/CVE-2018-12047.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/XIMDEX/ximdex/issues/147", - "refsource" : "MISC", - "url" : "https://github.com/XIMDEX/ximdex/issues/147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/XIMDEX/ximdex/issues/147", + "refsource": "MISC", + "url": "https://github.com/XIMDEX/ximdex/issues/147" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12400.json b/2018/12xxx/CVE-2018-12400.json index 96e9421a951..0fff693c207 100644 --- a/2018/12xxx/CVE-2018-12400.json +++ b/2018/12xxx/CVE-2018-12400.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Favicons are cached in private browsing mode on Firefox for Android" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1448305", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1448305" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "105721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105721" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Favicons are cached in private browsing mode on Firefox for Android" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1448305", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1448305" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "105721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105721" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12843.json b/2018/12xxx/CVE-2018-12843.json index 2b700d60264..4abeefe76bd 100644 --- a/2018/12xxx/CVE-2018-12843.json +++ b/2018/12xxx/CVE-2018-12843.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12858.json b/2018/12xxx/CVE-2018-12858.json index 21f7aedf7f5..f2f84e707d1 100644 --- a/2018/12xxx/CVE-2018-12858.json +++ b/2018/12xxx/CVE-2018-12858.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105443", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105443" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105443", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105443" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13862.json b/2018/13xxx/CVE-2018-13862.json index c73da777a93..b6052dc7054 100644 --- a/2018/13xxx/CVE-2018-13862.json +++ b/2018/13xxx/CVE-2018-13862.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45063", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45063/" - }, - { - "name" : "https://vulncode.com/advisory/CVE-2018-13862", - "refsource" : "MISC", - "url" : "https://vulncode.com/advisory/CVE-2018-13862" - }, - { - "name" : "http://update.trivum.com/update/tp9-changes.html", - "refsource" : "CONFIRM", - "url" : "http://update.trivum.com/update/tp9-changes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45063", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45063/" + }, + { + "name": "http://update.trivum.com/update/tp9-changes.html", + "refsource": "CONFIRM", + "url": "http://update.trivum.com/update/tp9-changes.html" + }, + { + "name": "https://vulncode.com/advisory/CVE-2018-13862", + "refsource": "MISC", + "url": "https://vulncode.com/advisory/CVE-2018-13862" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16293.json b/2018/16xxx/CVE-2018-16293.json index 72cb4bcbe0f..f865e1de264 100644 --- a/2018/16xxx/CVE-2018-16293.json +++ b/2018/16xxx/CVE-2018-16293.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - }, - { - "name" : "1041769", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041769" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16294, CVE-2018-16295, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "1041769", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041769" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16647.json b/2018/16xxx/CVE-2018-16647.json index 986ad9e9285..4f6ddb7b52c 100644 --- a/2018/16xxx/CVE-2018-16647.json +++ b/2018/16xxx/CVE-2018-16647.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699686", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted pdf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699686", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699686" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16770.json b/2018/16xxx/CVE-2018-16770.json index 1c088f8edcf..323760b3b7c 100644 --- a/2018/16xxx/CVE-2018-16770.json +++ b/2018/16xxx/CVE-2018-16770.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AndrewScheidecker/WAVM/issues/100", - "refsource" : "MISC", - "url" : "https://github.com/AndrewScheidecker/WAVM/issues/100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AndrewScheidecker/WAVM/issues/100", + "refsource": "MISC", + "url": "https://github.com/AndrewScheidecker/WAVM/issues/100" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16848.json b/2018/16xxx/CVE-2018-16848.json index ff5b5e24760..1f989ba2cea 100644 --- a/2018/16xxx/CVE-2018-16848.json +++ b/2018/16xxx/CVE-2018-16848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16848", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16848", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18898.json b/2018/18xxx/CVE-2018-18898.json index 284617bf02e..9a6e99da587 100644 --- a/2018/18xxx/CVE-2018-18898.json +++ b/2018/18xxx/CVE-2018-18898.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18898", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FEDORA", + "name": "FEDORA-2019-73cbc02e14", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPJVDT77ZPRU5Z2BEMZM7EBY6WZHUATZ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-ef5551fcff", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR46PPHBEM76DNN4DEQMAYIKLCO3TQU2/" + }, + { + "refsource": "CONFIRM", + "name": "https://bestpractical.com/download-page", + "url": "https://bestpractical.com/download-page" } ] } diff --git a/2018/4xxx/CVE-2018-4472.json b/2018/4xxx/CVE-2018-4472.json index f3e2120e082..56ccdab23a5 100644 --- a/2018/4xxx/CVE-2018-4472.json +++ b/2018/4xxx/CVE-2018-4472.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4472", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4472", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4980.json b/2018/4xxx/CVE-2018-4980.json index 0688472d57c..df31c76c611 100644 --- a/2018/4xxx/CVE-2018-4980.json +++ b/2018/4xxx/CVE-2018-4980.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4980", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104169" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104169" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4990.json b/2018/4xxx/CVE-2018-4990.json index 3fe1f3c0060..b5aceed865a 100644 --- a/2018/4xxx/CVE-2018-4990.json +++ b/2018/4xxx/CVE-2018-4990.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Double Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" - }, - { - "name" : "104167", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104167" - }, - { - "name" : "1040920", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Double Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" + }, + { + "name": "1040920", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040920" + }, + { + "name": "104167", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104167" + } + ] + } +} \ No newline at end of file