diff --git a/2003/0xxx/CVE-2003-0999.json b/2003/0xxx/CVE-2003-0999.json
index 3e695dee40f..099aecea49e 100644
--- a/2003/0xxx/CVE-2003-0999.json
+++ b/2003/0xxx/CVE-2003-0999.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0999", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57451", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57451" - }, - { - "name" : "oval:org.mitre.oval:def:4098", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57451", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57451" + }, + { + "name": "oval:org.mitre.oval:def:4098", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4098" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1267.json b/2003/1xxx/CVE-2003-1267.json index a15c4d4623b..48533ea6159 100644 --- a/2003/1xxx/CVE-2003-1267.json +++ b/2003/1xxx/CVE-2003-1267.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html" - }, - { - "name" : "1005864", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005864" - }, - { - "name" : "guildftpd-aux-port-dos(10964)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10964.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html" + }, + { + "name": "1005864", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005864" + }, + { + "name": "guildftpd-aux-port-dos(10964)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10964.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1278.json b/2003/1xxx/CVE-2003-1278.json index b42d2993ba3..057ba9e2250 100644 --- a/2003/1xxx/CVE-2003-1278.json +++ b/2003/1xxx/CVE-2003-1278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030104 OpenTopic security hole", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305232" - }, - { - "name" : "opentopic-img-xss(10985)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10985.php" - }, - { - "name" : "6523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6523" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication 
information via cookies by injecting arbitrary HTML or script into IMG tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6523" + }, + { + "name": "20030104 OpenTopic security hole", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305232" + }, + { + "name": "opentopic-img-xss(10985)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10985.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1580.json b/2003/1xxx/CVE-2003-1580.json index a3447856032..aef26c2b527 100644 --- a/2003/1xxx/CVE-2003-1580.json +++ b/2003/1xxx/CVE-2003-1580.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030304 Log corruption on multiple webservers, log analyzers,...", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an 
unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030304 Log corruption on multiple webservers, log analyzers,...", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313867" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0450.json b/2004/0xxx/CVE-2004-0450.json index e9ce5f4cfd1..924226367e9 100644 --- a/2004/0xxx/CVE-2004-0450.json +++ b/2004/0xxx/CVE-2004-0450.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://felinemenace.org/~jaguar/advisories/log2mail.txt", - "refsource" : "MISC", - "url" : "http://felinemenace.org/~jaguar/advisories/log2mail.txt" - }, - { - "name" : "DSA-513", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-513" - }, - { - "name" : "10460", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10460" - }, - { - "name" : "6711", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/6711" - }, - { - "name" : "11768", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11768" - }, - { - "name" : "11769", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11769" - }, - { - "name" : 
"log2mail-syslog-format-string(16311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10460", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10460" + }, + { + "name": "DSA-513", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-513" + }, + { + "name": "http://felinemenace.org/~jaguar/advisories/log2mail.txt", + "refsource": "MISC", + "url": "http://felinemenace.org/~jaguar/advisories/log2mail.txt" + }, + { + "name": "6711", + "refsource": "OSVDB", + "url": "http://osvdb.org/6711" + }, + { + "name": "11769", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11769" + }, + { + "name": "log2mail-syslog-format-string(16311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16311" + }, + { + "name": "11768", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11768" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0631.json b/2004/0xxx/CVE-2004-0631.json index 364fff8a911..6979b787da2 100644 --- a/2004/0xxx/CVE-2004-0631.json +++ b/2004/0xxx/CVE-2004-0631.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040812 Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/techdocs/322914.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/techdocs/322914.html" - }, - { - "name" : "GLSA-200408-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200408-14.xml" - }, - { - "name" : "RHSA-2004:432", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-432.html" - }, - { - 
"name" : "10932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10932" - }, - { - "name" : "adobe-acrobat-uudecode-bo(16972)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "adobe-acrobat-uudecode-bo(16972)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16972" + }, + { + "name": "10932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10932" + }, + { + "name": "RHSA-2004:432", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-432.html" + }, + { + "name": "http://www.adobe.com/support/techdocs/322914.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/techdocs/322914.html" + }, + { + "name": "20040812 Adobe Acrobat Reader (Unix) 5.0 Uudecode Filename Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=125&type=vulnerabilities" + }, + { + "name": "GLSA-200408-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200408-14.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0686.json b/2004/0xxx/CVE-2004-0686.json index ff21f45ac67..4dd95d57c1b 100644 --- a/2004/0xxx/CVE-2004-0686.json +++ b/2004/0xxx/CVE-2004-0686.json 
@@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the \"mangling method = hash\" option is enabled in smb.conf, has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040722 Security Release - Samba 3.0.5 and 2.2.10", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109051340810458&w=2" - }, - { - "name" : "CLA-2004:851", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851" - }, - { - "name" : "CLA-2004:854", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854" - }, - { - "name" : "FLSA:2102", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109785827607823&w=2" - }, - { - "name" : "GLSA-200407-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml" - }, - { - "name" : "SSRT4782", - "refsource" : "HP", - "url" : 
"http://marc.info/?l=bugtraq&m=109094272328981&w=2" - }, - { - "name" : "MDKSA-2004:071", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071" - }, - { - "name" : "RHSA-2004:259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-259.html" - }, - { - "name" : "101584", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1" - }, - { - "name" : "57664", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1" - }, - { - "name" : "SUSE-SA:2004:022", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_22_samba.html" - }, - { - "name" : "2004-0039", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0039/" - }, - { - "name" : "20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109051533021376&w=2" - }, - { - "name" : "20040722 TSSA-2004-014 - samba", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109052891507263&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:10461", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10461" - }, - { - "name" : "samba-mangling-method-bo(16786)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16786" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the \"mangling method = hash\" option is enabled in smb.conf, has unknown impact and attack vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0039", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0039/" + }, + { + "name": "CLA-2004:851", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851" + }, + { + "name": "RHSA-2004:259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-259.html" + }, + { + "name": "20040722 TSSA-2004-014 - samba", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109052891507263&w=2" + }, + { + "name": "CLA-2004:854", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854" + }, + { + "name": "20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109051533021376&w=2" + }, + { + "name": "SUSE-SA:2004:022", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_22_samba.html" + }, + { + "name": "20040722 Security Release - Samba 3.0.5 and 2.2.10", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109051340810458&w=2" + }, + { + "name": "MDKSA-2004:071", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071" + }, + { + "name": "FLSA:2102", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109785827607823&w=2" + }, + { + "name": "samba-mangling-method-bo(16786)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16786" + }, + { + "name": "SSRT4782", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109094272328981&w=2" + }, + { + "name": "GLSA-200407-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml" + }, + { + "name": "57664", + 
"refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1" + }, + { + "name": "101584", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1" + }, + { + "name": "oval:org.mitre.oval:def:10461", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10461" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0789.json b/2004/0xxx/CVE-2004-0789.json index cceb9cd10c4..17b352e4724 100644 --- a/2004/0xxx/CVE-2004-0789.json +++ b/2004/0xxx/CVE-2004-0789.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en" - }, - { - "name" : "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf", - "refsource" : "MISC", - "url" : "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf" - }, - { - "name" : "http://www.posadis.org/advisories/pos_adv_006.txt", - "refsource" : "CONFIRM", - "url" : "http://www.posadis.org/advisories/pos_adv_006.txt" - }, - { - "name" : "11642", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11642" - }, - { - "name" : "1012157", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012157" - }, - { - "name" : "13145", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13145" - }, - { - "name" : "dns-localhost-dos(17997)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a 
communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13145", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13145" + }, + { + "name": "dns-localhost-dos(17997)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17997" + }, + { + "name": "1012157", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012157" + }, + { + "name": "11642", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11642" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/al-20041130-00862.html?lang=en" + }, + { + "name": "http://www.posadis.org/advisories/pos_adv_006.txt", + "refsource": "CONFIRM", + "url": "http://www.posadis.org/advisories/pos_adv_006.txt" + }, + { + "name": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf", + "refsource": "MISC", + "url": "http://www.niscc.gov.uk/niscc/docs/re-20041109-00957.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1023.json b/2004/1xxx/CVE-2004-1023.json index d13e05eb8d0..a9f837dba9b 100644 --- a/2004/1xxx/CVE-2004-1023.json +++ b/2004/1xxx/CVE-2004-1023.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110305387813002&w=2" - }, - { - "name" : "kerio-insecure-permissions(18471)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 
1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kerio-insecure-permissions(18471)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471" + }, + { + "name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110305387813002&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1169.json b/2004/1xxx/CVE-2004-1169.json index 6de6d50b11f..3e649bd925a 100644 --- a/2004/1xxx/CVE-2004-1169.json +++ b/2004/1xxx/CVE-2004-1169.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041207 MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110244542000340&w=2" - }, - { - "name" : "maxdb-dos(18387)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL 
dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041207 MaxDB WebTools <= 7.5.00.18 buffer overflow and Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110244542000340&w=2" + }, + { + "name": "maxdb-dos(18387)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18387" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1266.json b/2004/1xxx/CVE-2004-1266.json index 31c3300c9fc..10db496e77b 100644 --- a/2004/1xxx/CVE-2004-1266.json +++ b/2004/1xxx/CVE-2004-1266.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/csv2xml.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/csv2xml.txt" - }, - { - "name" : "csv2xml-getfieldheaders-bo(18602)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tigger.uic.edu/~jlongs2/holes/csv2xml.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/csv2xml.txt" + }, + { + "name": "csv2xml-getfieldheaders-bo(18602)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18602" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1563.json b/2004/1xxx/CVE-2004-1563.json index b1d0a295333..555d433fe51 100644 --- a/2004/1xxx/CVE-2004-1563.json +++ b/2004/1xxx/CVE-2004-1563.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040930 Multiple vulnerabilities in w-agora forum", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109655691512298&w=2" - }, - { - "name" : "20040930 Multiple vulnerabilities in w-agora forum", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html" - }, - { - "name" : "11283", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11283" - }, - { - "name" : "1011463", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011463" - }, - { - "name" : "12695", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12695" - }, - 
{ - "name" : "wagora-get-post-xss(17553)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17553" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wagora-get-post-xss(17553)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17553" + }, + { + "name": "1011463", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011463" + }, + { + "name": "12695", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12695" + }, + { + "name": "11283", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11283" + }, + { + "name": "20040930 Multiple vulnerabilities in w-agora forum", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109655691512298&w=2" + }, + { + "name": "20040930 Multiple vulnerabilities in w-agora forum", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1990.json b/2004/1xxx/CVE-2004-1990.json index f8d87a98222..d33da702026 100644 --- a/2004/1xxx/CVE-2004-1990.json +++ b/2004/1xxx/CVE-2004-1990.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1990", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040503 Multible_Vulnerabilites_in_Aldos_Webserver", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108360629031227&w=2" - }, - { - "name" : "http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt", - "refsource" : "MISC", - "url" : "http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt" - }, - { - "name" : "10262", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10262" - }, - { - "name" : "5880", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5880" - }, - { - "name" : "11542", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11542" - }, - { - "name" : "aweb-path-disclosure(16047)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10262", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10262" + }, + { + "name": "20040503 Multible_Vulnerabilites_in_Aldos_Webserver", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108360629031227&w=2" + }, + { + "name": "11542", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11542" + }, + { + "name": "5880", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5880" + }, + { + "name": "aweb-path-disclosure(16047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16047" + }, + { + "name": "http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt", + "refsource": "MISC", + "url": "http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2039.json b/2004/2xxx/CVE-2004-2039.json index dcdeb6585fe..6136ea752ab 100644 --- a/2004/2xxx/CVE-2004-2039.json +++ b/2004/2xxx/CVE-2004-2039.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108588043007224&w=2" - }, - { - "name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=108586723116427&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=31", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=31" - }, - { - "name" : "10436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10436" - }, - { - "name" : "6525", - 
"refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6525" - }, - { - "name" : "11740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11740" - }, - { - "name" : "e107-multiplescripts-path-disclosure(16277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "e107-multiplescripts-path-disclosure(16277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16277" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=31", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=31" + }, + { + "name": "10436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10436" + }, + { + "name": "6525", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6525" + }, + { + "name": "11740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11740" + }, + { + "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2" + }, + { + "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2240.json b/2004/2xxx/CVE-2004-2240.json index 15c0b2c85ee..c4066340dfe 100644 --- a/2004/2xxx/CVE-2004-2240.json +++ b/2004/2xxx/CVE-2004-2240.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/advdetails.asp?id=15", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/advdetails.asp?id=15" - }, - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "http://phorum.org/cvs-changelog-5.txt", - "refsource" : "CONFIRM", - "url" : "http://phorum.org/cvs-changelog-5.txt" - }, - { - "name" : "11538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11538" - }, - { - "name" : "11129", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11129" - }, - { - "name" : "1011921", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011921" - }, - { - "name" : 
"12980", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12980" - }, - { - "name" : "phorum-sql-injection(17847)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "http://phorum.org/cvs-changelog-5.txt", + "refsource": "CONFIRM", + "url": "http://phorum.org/cvs-changelog-5.txt" + }, + { + "name": "11538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11538" + }, + { + "name": "http://www.maxpatrol.com/advdetails.asp?id=15", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/advdetails.asp?id=15" + }, + { + "name": "1011921", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011921" + }, + { + "name": "11129", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11129" + }, + { + "name": "phorum-sql-injection(17847)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17847" + }, + { + "name": "12980", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12980" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2455.json b/2004/2xxx/CVE-2004-2455.json index dea0a04ca20..f76f389a576 100644 --- a/2004/2xxx/CVE-2004-2455.json +++ b/2004/2xxx/CVE-2004-2455.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040512 Sweex 802.11g router/accesspoint config disclosure / remote config", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0574.html" - }, - { - "name" : "10339", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10339" - }, - { - "name" : "6109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6109" - }, - { - "name" : "1010143", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/alerts/2004/May/1010143.html" - }, - { - "name" : "11603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11603" - }, - { - "name" : 
"sweex-router-obtain-information(16140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10339", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10339" + }, + { + "name": "6109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6109" + }, + { + "name": "sweex-router-obtain-information(16140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16140" + }, + { + "name": "11603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11603" + }, + { + "name": "1010143", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/alerts/2004/May/1010143.html" + }, + { + "name": "20040512 Sweex 802.11g router/accesspoint config disclosure / remote config", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0574.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2019.json b/2008/2xxx/CVE-2008-2019.json index 5d85e1ba300..0a375c7fc07 100644 --- a/2008/2xxx/CVE-2008-2019.json +++ b/2008/2xxx/CVE-2008-2019.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Simple Machines Forum (SMF), probably 1.1.4, relies on \"randomly generated static\" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080419 Deciphering the Simple Machines Forum audio Captcha", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491128/100/0/threaded" - }, - { - "name" : "http://www.rooksecurity.com/blog/?p=6", - "refsource" : "MISC", - "url" : "http://www.rooksecurity.com/blog/?p=6" - }, - { - "name" : "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0", - "refsource" : "CONFIRM", - "url" : "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0" - }, - { - "name" 
: "28866", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28866" - }, - { - "name" : "3836", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3836" - }, - { - "name" : "smf-captcha-weak-security(42150)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Simple Machines Forum (SMF), probably 1.1.4, relies on \"randomly generated static\" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "smf-captcha-weak-security(42150)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42150" + }, + { + "name": "3836", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3836" + }, + { + "name": "28866", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28866" + }, + { + "name": "20080419 Deciphering the Simple Machines Forum audio Captcha", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491128/100/0/threaded" + }, + { + "name": "http://www.rooksecurity.com/blog/?p=6", + "refsource": "MISC", + "url": "http://www.rooksecurity.com/blog/?p=6" + }, + { + "name": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0", + "refsource": "CONFIRM", + "url": "http://www.simplemachines.org/community/index.php?P=c3696c2022b54fa50c5f341bf5710aa3&topic=236816.0" + } + ] + } +} \ No newline 
at end of file diff --git a/2008/2xxx/CVE-2008-2136.json b/2008/2xxx/CVE-2008-2136.json index 74267e934d1..9b80e3c0372 100644 --- a/2008/2xxx/CVE-2008-2136.json +++ b/2008/2xxx/CVE-2008-2136.json 
@@ -1,252 +1,252 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20080509 Re: When should kfree_skb be used?", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=linux-netdev&m=121031533024912&w=2" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3" - }, - { - "name" : 
"http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5" - }, - { - "name" : "DSA-1588", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1588" - }, - { - "name" : "FEDORA-2008-3949", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html" - }, - { - "name" : "MDVSA-2008:167", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" - }, - { - "name" : "MDVSA-2008:174", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" - }, - { - "name" : "RHSA-2008:0607", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0607.html" - }, - { - "name" : "RHSA-2008:0612", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0612.html" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "RHSA-2008:0973", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0973.html" - }, - { - "name" : "RHSA-2008:0787", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0787.html" - }, - { - "name" : "SUSE-SA:2008:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" - }, - { - "name" : "SUSE-SA:2008:032", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" - }, - { - "name" : "USN-625-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-625-1" - }, - { - "name" : "29235", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29235" - }, - { - "name" : "oval:org.mitre.oval:def:11038", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11038" - }, - { - "name" : "oval:org.mitre.oval:def:6503", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6503" - }, - { - "name" : "30499", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30499" - }, - { - "name" : "ADV-2008-1543", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1543/references" - }, - { - "name" : "1020118", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020118" - }, - { - "name" : "30198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30198" - }, - { - "name" : "30241", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30241" - }, - { - "name" : "30276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30276" - }, - { - "name" : "30368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30368" - }, - { - "name" : "30818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30818" - }, - { - "name" : "30962", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30962" - }, - { - "name" : "31107", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31107" - }, - { - "name" : "31198", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31198" - }, - { - "name" : "31341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31341" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "31689", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31689" - }, - { - "name" : "33201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33201" - }, - { - "name" : "33280", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33280" - }, - { - "name" : "ADV-2008-1716", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1716/references" - }, - { - "name" : "linux-kernel-ipip6rcv-dos(42451)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42451" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020118", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020118" + }, + { + "name": "30276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30276" + }, + { + "name": "30962", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30962" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0169" + }, + { + "name": "31198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31198" + }, + { + "name": "30368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30368" + }, + { + "name": "MDVSA-2008:167", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:167" + }, + { + "name": "31341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31341" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.5" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.3" + }, + { + "name": "ADV-2008-1716", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1716/references" + }, + { + "name": "RHSA-2008:0607", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0607.html" + }, + { + "name": "30499", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/30499" + }, + { + "name": "linux-kernel-ipip6rcv-dos(42451)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42451" + }, + { + "name": "30198", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30198" + }, + { + "name": "DSA-1588", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1588" + }, + { + "name": "33280", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33280" + }, + { + "name": "31689", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31689" + }, + { + "name": "29235", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29235" + }, + { + "name": "RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "oval:org.mitre.oval:def:6503", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6503" + }, + { + "name": "oval:org.mitre.oval:def:11038", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11038" + }, + { + "name": "[linux-kernel] 20080509 Re: When should kfree_skb be used?", + "refsource": "MLIST", + "url": "http://marc.info/?l=linux-netdev&m=121031533024912&w=2" + }, + { + "name": "30241", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30241" + }, + { + "name": "MDVSA-2008:174", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" + }, + { + "name": "31107", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31107" + }, + { + "name": "RHSA-2008:0973", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0973.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm", + "refsource": "CONFIRM", + "url": 
"http://support.avaya.com/elmodocs2/security/ASA-2008-362.htm" + }, + { + "name": "RHSA-2008:0612", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0612.html" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "USN-625-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-625-1" + }, + { + "name": "FEDORA-2008-3949", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00294.html" + }, + { + "name": "RHSA-2008:0787", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0787.html" + }, + { + "name": "ADV-2008-1543", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1543/references" + }, + { + "name": "SUSE-SA:2008:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html" + }, + { + "name": "30818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30818" + }, + { + "name": "33201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33201" + }, + { + "name": "SUSE-SA:2008:032", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2483.json b/2008/2xxx/CVE-2008-2483.json index 98f094f31a8..9d448d011d1 100644 --- a/2008/2xxx/CVE-2008-2483.json +++ b/2008/2xxx/CVE-2008-2483.json 
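Review bot: The new side of the CVE-2008-2136.json hunk ends with `\ No newline at end of file` after the closing `+}`, so the rewritten record loses the trailing newline that the old side had. The `reference_data` entries are also written in a different order from the old side, apparently with no entry added or removed (the SECTRACK `1020118` entry now comes first). That suggests the writer does not keep a stable order, though the tool itself is not visible here. The missing newline recurs in every later hunk that is complete in this view, and the reordering recurs in the CVE-2008-2483, CVE-2008-6209, CVE-2008-6583, CVE-2008-6724 and CVE-2008-6928 hunks. I would have the writer end each file with `}` followed by a newline and emit references in a fixed order, for example sorted by `refsource` then `name`. A spacing-only normalisation then cannot hide a real change to a reference URL among hundreds of moved lines.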
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2483", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5673", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5673" - }, - { - "name" : "29359", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29359" - }, - { - "name" : "ADV-2008-1644", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1644/references" - }, - { - "name" : "30374", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30374" - }, - { - "name" : "xomolcms-index-file-include(42632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the op parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29359", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29359" + }, + { + "name": "5673", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5673" + }, + { + "name": "ADV-2008-1644", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1644/references" + }, + { + "name": "xomolcms-index-file-include(42632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42632" + }, + { + "name": "30374", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30374" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6133.json b/2008/6xxx/CVE-2008-6133.json index 1b6ad9dd89c..5e7a6487944 100644 --- a/2008/6xxx/CVE-2008-6133.json +++ b/2008/6xxx/CVE-2008-6133.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6659", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6659" - }, - { - "name" : "fullphpemlak-arsaprint-sql-injection(45643)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45643" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6659", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6659" + }, + { + "name": "fullphpemlak-arsaprint-sql-injection(45643)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45643" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6209.json b/2008/6xxx/CVE-2008-6209.json index 39c9969973f..254efff62fc 100644 --- a/2008/6xxx/CVE-2008-6209.json +++ b/2008/6xxx/CVE-2008-6209.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5359", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5359" - }, - { - "name" : "6377", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6377" - }, - { - "name" : "28620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28620" - }, - { - "name" : "softwarezone-viewproduct-sql-injection(41666)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41666" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary 
SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6377", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6377" + }, + { + "name": "5359", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5359" + }, + { + "name": "28620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28620" + }, + { + "name": "softwarezone-viewproduct-sql-injection(41666)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41666" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6583.json b/2008/6xxx/CVE-2008-6583.json index 2a80d495527..8d98552f3f2 100644 --- a/2008/6xxx/CVE-2008-6583.json +++ b/2008/6xxx/CVE-2008-6583.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5455", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5455" - }, - { - "name" : "28811", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28811" - }, - { - "name" : "ADV-2008-1243", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1243/references" - }, - { - "name" : "bsplayer-srt-bo(41841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and 
possibly execute arbitrary code via a long string in a .SRT file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28811", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28811" + }, + { + "name": "5455", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5455" + }, + { + "name": "bsplayer-srt-bo(41841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41841" + }, + { + "name": "ADV-2008-1243", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1243/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6724.json b/2008/6xxx/CVE-2008-6724.json index 139c5dd60af..572be4a4cc6 100644 --- a/2008/6xxx/CVE-2008-6724.json +++ b/2008/6xxx/CVE-2008-6724.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=237095&release_id=649688", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=237095&release_id=649688" - }, - { - "name" : "33036", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33036" - }, - { - "name" : "51010", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51010" - }, - { - "name" : "33251", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33251" - }, - { - "name" : "perlnopaste-index-xss(47627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47627" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51010", + "refsource": "OSVDB", + "url": "http://osvdb.org/51010" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=237095&release_id=649688", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=237095&release_id=649688" + }, + { + "name": "33251", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33251" + }, + { + "name": "perlnopaste-index-xss(47627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47627" + }, + { + "name": "33036", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33036" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6928.json b/2008/6xxx/CVE-2008-6928.json index 35ab9058cda..f63a64e2b2f 100644 --- a/2008/6xxx/CVE-2008-6928.json +++ b/2008/6xxx/CVE-2008-6928.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in PHPStore Complete Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7084", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7084" - }, - { - "name" : "50294", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50294" - }, - { - "name" : "32626", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32626" - }, - { - "name" : "ADV-2008-3100", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in PHPStore Complete Classifieds 
allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in classifieds1/yellow_images/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50294", + "refsource": "OSVDB", + "url": "http://osvdb.org/50294" + }, + { + "name": "32626", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32626" + }, + { + "name": "7084", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7084" + }, + { + "name": "ADV-2008-3100", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3100" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1661.json b/2012/1xxx/CVE-2012-1661.json index d8069125560..76abf45ee29 100644 --- a/2012/1xxx/CVE-2012-1661.json +++ b/2012/1xxx/CVE-2012-1661.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "19138", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/19138" - }, - { - "name" : "http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html" - }, - { - "name" : "http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/", - "refsource" : "MISC", - "url" : "http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/" - }, - { - "name" : "82986", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82986" - }, - { - "name" : "1027170", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027170" - } - 
] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "19138", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/19138" + }, + { + "name": "http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html" + }, + { + "name": "http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/", + "refsource": "MISC", + "url": "http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/" + }, + { + "name": "1027170", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027170" + }, + { + "name": "82986", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82986" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5238.json b/2012/5xxx/CVE-2012-5238.json index a9bbaed91f9..7683d2554f8 100644 --- a/2012/5xxx/CVE-2012-5238.json +++ b/2012/5xxx/CVE-2012-5238.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989", - "refsource" : "CONFIRM", - 
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-27.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-27.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668" - }, - { - "name" : "55754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55754" - }, - { - "name" : "85883", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85883" - }, - { - "name" : "oval:org.mitre.oval:def:15593", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593" - }, - { - "name" : "1027604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027604" - }, - { - "name" : "wireshark-ppp-dissector-dos(79010)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79010" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7668" + }, + { + "name": "55754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55754" + }, + { + "name": "oval:org.mitre.oval:def:15593", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15593" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44688" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-27.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-27.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7316" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=42989&r2=42988&pathrev=42989" + }, + { + "name": "1027604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027604" + }, + { + "name": "wireshark-ppp-dissector-dos(79010)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79010" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ppp.c?r1=44688&r2=44687&pathrev=44688" + }, + { + "name": 
"http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42989" + }, + { + "name": "85883", + "refsource": "OSVDB", + "url": "http://osvdb.org/85883" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5535.json b/2012/5xxx/CVE-2012-5535.json index 5dda1f85eba..0a4edcd7e01 100644 --- a/2012/5xxx/CVE-2012-5535.json +++ b/2012/5xxx/CVE-2012-5535.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5615.json b/2012/5xxx/CVE-2012-5615.json index 358f9e84dad..a5d42099c42 100644 --- a/2012/5xxx/CVE-2012-5615.json +++ b/2012/5xxx/CVE-2012-5615.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5615", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121201 MySQL Remote Preauth User Enumeration Zeroday", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Dec/9" - }, - { - "name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/02/3" - }, - { - "name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/02/4" - }, - { - "name" : 
"https://mariadb.atlassian.net/browse/MDEV-3909", - "refsource" : "CONFIRM", - "url" : "https://mariadb.atlassian.net/browse/MDEV-3909" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" - }, - { - "name" : "SUSE-SU-2013:0262", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html" - }, - { - "name" : "SUSE-SU-2015:0743", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDVSA-2013:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/02/3" + }, + { + "name": "20121201 MySQL Remote Preauth User Enumeration Zeroday", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Dec/9" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/02/4" + }, + { + "name": "https://mariadb.atlassian.net/browse/MDEV-3909", + "refsource": "CONFIRM", + "url": "https://mariadb.atlassian.net/browse/MDEV-3909" + }, + { + "name": "SUSE-SU-2015:0743", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" + }, + { + "name": "SUSE-SU-2013:0262", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5754.json b/2012/5xxx/CVE-2012-5754.json index 54375722298..907aa428786 100644 --- a/2012/5xxx/CVE-2012-5754.json +++ b/2012/5xxx/CVE-2012-5754.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5754", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5754", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5761.json b/2012/5xxx/CVE-2012-5761.json index 047b5c8a1cc..472e3981eb4 100644 --- a/2012/5xxx/CVE-2012-5761.json +++ b/2012/5xxx/CVE-2012-5761.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624568", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624568" - }, - { - "name" : "netezza-persistent-xss(80138)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netezza-persistent-xss(80138)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80138" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21624568", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624568" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11198.json b/2017/11xxx/CVE-2017-11198.json index 172eb5754f7..9e71431aaa7 100644 --- a/2017/11xxx/CVE-2017-11198.json +++ b/2017/11xxx/CVE-2017-11198.json 
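Review bot: `ASSIGNER` changes from `cve@mitre.org` to `psirt@us.ibm.com` at the top of the CVE-2012-5761 hunk, which is a content change inside a diff whose other edits are separator whitespace and reference ordering. The CVE-2012-5615 hunk earlier in the diff does the same, setting `ASSIGNER` to `secalert@redhat.com`. Any consumer that attributes a record to its assigning CNA will see these as provenance changes, so they deserve a line in the commit description or a commit of their own. Whether the reassignment is intended cannot be told from the diff.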
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lorexxar.cn/2017/07/11/Some%20Vulnerability%20for%20FineCMS%20through%202017.7.11/#Reflected-XSS-in-get-image-php", - "refsource" : "MISC", - "url" : "http://lorexxar.cn/2017/07/11/Some%20Vulnerability%20for%20FineCMS%20through%202017.7.11/#Reflected-XSS-in-get-image-php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lorexxar.cn/2017/07/11/Some%20Vulnerability%20for%20FineCMS%20through%202017.7.11/#Reflected-XSS-in-get-image-php", + "refsource": "MISC", + "url": "http://lorexxar.cn/2017/07/11/Some%20Vulnerability%20for%20FineCMS%20through%202017.7.11/#Reflected-XSS-in-get-image-php" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11596.json b/2017/11xxx/CVE-2017-11596.json index 21073df543f..7be19b40282 100644 --- a/2017/11xxx/CVE-2017-11596.json +++ b/2017/11xxx/CVE-2017-11596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11776.json b/2017/11xxx/CVE-2017-11776.json index bb884ba52c0..e28d8fe096b 100644 --- a/2017/11xxx/CVE-2017-11776.json +++ b/2017/11xxx/CVE-2017-11776.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Outlook", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Outlook 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Outlook", + "version": { + "version_data": [ + { + "version_value": "Microsoft Outlook 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776" - }, - { - "name" : "101106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101106" - }, - { - "name" : "1039542", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039542" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka \"Microsoft Outlook Information Disclosure Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11776" + }, + { + "name": "101106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101106" + }, + { + "name": "1039542", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039542" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11879.json b/2017/11xxx/CVE-2017-11879.json index 9bbee328546..a1bbb66e82e 100644 --- a/2017/11xxx/CVE-2017-11879.json +++ b/2017/11xxx/CVE-2017-11879.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11879", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASP.NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "ASP.NET Core 2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka \"ASP.NET Core Elevation Of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11879", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "ASP.NET Core 2.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879" - }, - { - "name" : "101713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101713" - }, - { - "name" : "1039793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka \"ASP.NET Core Elevation Of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11879" + }, + { + "name": "101713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101713" + }, + { + "name": "1039793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039793" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15463.json b/2017/15xxx/CVE-2017-15463.json index 24a593e845e..8a0f9680391 100644 --- a/2017/15xxx/CVE-2017-15463.json +++ b/2017/15xxx/CVE-2017-15463.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15463", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15463", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15758.json b/2017/15xxx/CVE-2017-15758.json index e427f70a1b6..64233b9a97f 100644 --- a/2017/15xxx/CVE-2017-15758.json +++ b/2017/15xxx/CVE-2017-15758.json 
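Review bot: The new side of the CVE-2017-15463 record emits `data_type`, `data_format` and `data_version` before `CVE_data_meta`, and puts `ID` before `ASSIGNER`. The other records visible in this diff keep the previous order, with `CVE_data_meta` first and `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but a second ordering in the same repository makes later diffs of this record noisy and hints that it was written by a different tool or code path. Serialising every record with one fixed key order would avoid that.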
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15758", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15758" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at 
BabaCAD4Image!ShowPlugInOptions+0x000000000004d75b.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15758",
+ "refsource": "MISC",
+ "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15758"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15916.json b/2017/15xxx/CVE-2017-15916.json
index 65eba6b3992..57e6788ab46 100644
--- a/2017/15xxx/CVE-2017-15916.json
+++ b/2017/15xxx/CVE-2017-15916.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15916",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-15916",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3052.json b/2017/3xxx/CVE-2017-3052.json
index 68d57f25e9a..c661bd70ed0 100644
--- a/2017/3xxx/CVE-2017-3052.json
+++ b/2017/3xxx/CVE-2017-3052.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3052", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97554", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97554" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97554", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97554" + }, + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3120.json b/2017/3xxx/CVE-2017-3120.json index 6a9ddfeedd9..e60ef695c4a 100644 --- a/2017/3xxx/CVE-2017-3120.json +++ b/2017/3xxx/CVE-2017-3120.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-3120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-3120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100182", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100182" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + }, + { + "name": "100182", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100182" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3296.json b/2017/3xxx/CVE-2017-3296.json index 30dd2ff5ef5..3b0199f177d 100644 --- a/2017/3xxx/CVE-2017-3296.json +++ b/2017/3xxx/CVE-2017-3296.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3296", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Commerce Platform", - "version" : { - "version_data" : [ - { - "version_value" : "10.0.3.5" - }, - { - "version_value" : "10.2.0.5" - }, - { - "version_value" : "11.2.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3296", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Commerce Platform", + "version": { + "version_data": [ + { + "version_value": "10.0.3.5" + }, + { + "version_value": "10.2.0.5" + }, + { + "version_value": "11.2.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3451.json b/2017/3xxx/CVE-2017-3451.json index bd2fda3a010..4c9502e1351 100644 --- a/2017/3xxx/CVE-2017-3451.json +++ b/2017/3xxx/CVE-2017-3451.json 
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3451", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Retail Open Commerce Platform Cloud Service", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "4.0" - }, - { - "version_affected" : "=", - "version_value" : "5.0" - }, - { - "version_affected" : "=", - "version_value" : "5.1" - }, - { - "version_affected" : "=", - "version_value" : "5.3" - }, - { - "version_affected" : "=", - "version_value" : "6.0" - }, - { - "version_affected" : "=", - "version_value" : "6.1" - }, - { - "version_affected" : "=", - "version_value" : "15.0" - }, - { - "version_affected" : "=", - "version_value" : "16.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3451", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Open Commerce Platform Cloud Service", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "4.0" + }, + { + "version_affected": "=", + "version_value": "5.0" + }, + { + "version_affected": "=", + "version_value": "5.1" + }, + { + "version_affected": "=", + "version_value": "5.3" + }, + { + "version_affected": "=", + "version_value": "6.0" + }, + { + "version_affected": "=", + "version_value": "6.1" + }, + { + "version_affected": "=", + "version_value": "15.0" + }, + { + "version_affected": "=", + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97741", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/97741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Web). Supported versions that are affected are 4.0, 5.0, 5.1, 5.3, 6.0,6.1, 15.0 and 16.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Retail Open Commerce Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Open Commerce Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Open Commerce Platform accessible data as well as unauthorized read access to a subset of Oracle Retail Open Commerce Platform accessible data." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97741", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97741" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3452.json b/2017/3xxx/CVE-2017-3452.json index 6f12adda967..f8518ecd653 100644 --- a/2017/3xxx/CVE-2017-3452.json +++ b/2017/3xxx/CVE-2017-3452.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.6.35 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.6.35 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "97779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97779" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97779" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8018.json b/2017/8xxx/CVE-2017-8018.json index 7332e953cfd..51eb9b88e2a 100644 --- a/2017/8xxx/CVE-2017-8018.json +++ b/2017/8xxx/CVE-2017-8018.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC AppSync host plug-in versions 3.5 and below (Windows platform only)", - "version" : { - "version_data" : [ - { - "version_value" : "EMC AppSync host plug-in versions 3.5 and below (Windows platform only)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC AppSync host plug-in versions 3.5 and below (Windows platform only)", + "version": { + "version_data": [ + { + "version_value": "EMC AppSync host plug-in versions 3.5 and below (Windows platform only)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Sep/75", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Sep/75" - }, - { - "name" : "101016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Sep/75", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Sep/75" + }, + { + "name": "101016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101016" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8044.json b/2017/8xxx/CVE-2017-8044.json index b951e5868ce..9f92db832ba 100644 --- a/2017/8xxx/CVE-2017-8044.json +++ b/2017/8xxx/CVE-2017-8044.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8044", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3", - "version" : { - "version_data" : [ - { - "version_value" : "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3", + "version": { + "version_data": [ + { + "version_value": "Single Sign-On for PCF 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://pivotal.io/security/cve-2017-8044", - "refsource" : "CONFIRM", - "url" : "https://pivotal.io/security/cve-2017-8044" - }, - { - "name" : "100618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100618" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pivotal.io/security/cve-2017-8044", + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2017-8044" + }, + { + "name": "100618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100618" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8142.json b/2017/8xxx/CVE-2017-8142.json index 2106458fa65..24594277219 100644 --- a/2017/8xxx/CVE-2017-8142.json +++ b/2017/8xxx/CVE-2017-8142.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mate 9, Mate 9 Pro", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than MHA-AL00BC00B221, Versions earlier than LON-AL00BC00B221" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mate 9, Mate 9 Pro", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than MHA-AL00BC00B221, Versions earlier than LON-AL00BC00B221" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to create and free specific memory, which could triggers access memory after free it and causes a system crash or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170615-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8209.json b/2017/8xxx/CVE-2017-8209.json index 855c19cf9f5..e5789a6cba8 100644 --- a/2017/8xxx/CVE-2017-8209.json +++ b/2017/8xxx/CVE-2017-8209.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "honor 5C,honor 6x", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "honor 5C,honor 6x", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8499.json b/2017/8xxx/CVE-2017-8499.json index 743c895c0bb..8b464b6829a 100644 --- a/2017/8xxx/CVE-2017-8499.json +++ b/2017/8xxx/CVE-2017-8499.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1703." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1703." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499" - }, - { - "name" : "98883", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98883" - }, - { - "name" : "1038661", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98883", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98883" + }, + { + "name": "1038661", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038661" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8499" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8918.json b/2017/8xxx/CVE-2017-8918.json index 6cb45335aa3..8638d80f0dd 100644 --- a/2017/8xxx/CVE-2017-8918.json +++ b/2017/8xxx/CVE-2017-8918.json 
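Review bot: The `reference_data` array in this hunk is reordered, not just re-spaced: the old side lists the CONFIRM entry first, then BID 98883 and SECTRACK 1038661, while the new side moves CONFIRM to the end. The same happens in the CVE-2017-8994, CVE-2018-12291 and CVE-2018-16021 hunks, and no sort key is apparent from the visible orders (in CVE-2017-8994 the CONFIRM entry moves to the front instead). Array order is part of the JSON content, so anyone diffing, hashing or mirroring these records sees a content change inside what is otherwise a formatting commit. Either keep the original order, here with the `"refsource": "CONFIRM"` entry first, or emit references in a documented deterministic order so later runs stay stable.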
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://thenopsled.com/Exploit-DB%20Writeup.txt", - "refsource" : "MISC", - "url" : "https://thenopsled.com/Exploit-DB%20Writeup.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://thenopsled.com/Exploit-DB%20Writeup.txt", + "refsource": "MISC", + "url": "https://thenopsled.com/Exploit-DB%20Writeup.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8994.json b/2017/8xxx/CVE-2017-8994.json index 0555a272dd9..72859f39276 100644 --- a/2017/8xxx/CVE-2017-8994.json +++ b/2017/8xxx/CVE-2017-8994.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2017-08-30T00:00:00", - "ID" : "CVE-2017-8994", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HPE Operations Orchestration", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to 10.80" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2017-08-30T00:00:00", + "ID": "CVE-2017-8994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HPE Operations Orchestration", + "version": { + "version_data": [ + { + "version_value": "All versions prior to 10.80" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.tenable.com/security/research/tra-2017-25", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-25" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2017-28", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-28" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us", - "refsource" : "CONFIRM", - "url" : 
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us" - }, - { - "name" : "100588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A input validation vulnerability in HPE Operations Orchestration product all versions prior to 10.80, allows for the execution of code remotely." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03767en_us" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-28", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-28" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-25", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-25" + }, + { + "name": "100588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100588" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10297.json b/2018/10xxx/CVE-2018-10297.json index 80953f00c80..511b5341fd9 100644 --- a/2018/10xxx/CVE-2018-10297.json +++ b/2018/10xxx/CVE-2018-10297.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/", - "refsource" : "MISC", - "url" : "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/", + "refsource": "MISC", + "url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12291.json b/2018/12xxx/CVE-2018-12291.json index aed2ed1ae84..fe1656fa2df 100644 --- a/2018/12xxx/CVE-2018-12291.json +++ b/2018/12xxx/CVE-2018-12291.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/matrix-org/synapse/pull/3371", - "refsource" : "CONFIRM", - "url" : "https://github.com/matrix-org/synapse/pull/3371" - }, - { - "name" : "https://github.com/matrix-org/synapse/releases/tag/v0.31.1", - "refsource" : "CONFIRM", - "url" : "https://github.com/matrix-org/synapse/releases/tag/v0.31.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/matrix-org/synapse/releases/tag/v0.31.1", + "refsource": "CONFIRM", + "url": "https://github.com/matrix-org/synapse/releases/tag/v0.31.1" + }, + { + "name": "https://github.com/matrix-org/synapse/pull/3371", + "refsource": "CONFIRM", + "url": "https://github.com/matrix-org/synapse/pull/3371" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12558.json b/2018/12xxx/CVE-2018-12558.json index 87c0e012975..6fb4a61c673 100644 --- a/2018/12xxx/CVE-2018-12558.json +++ b/2018/12xxx/CVE-2018-12558.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180619 CVE-2018-12558: DOS in perl module Email:ddress", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/06/19/3" - }, - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading 
to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters (\"\\f\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180619 CVE-2018-12558: DOS in perl module Email:ddress", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/06/19/3" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901873" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12762.json b/2018/12xxx/CVE-2018-12762.json index d513b177b91..9cd2daaead3 100644 --- a/2018/12xxx/CVE-2018-12762.json +++ b/2018/12xxx/CVE-2018-12762.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" 
: "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13047.json b/2018/13xxx/CVE-2018-13047.json index f40a433a9f6..1b9ba9abe38 100644 --- a/2018/13xxx/CVE-2018-13047.json +++ b/2018/13xxx/CVE-2018-13047.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13137.json b/2018/13xxx/CVE-2018-13137.json index 40a98cc6edf..5122605a4e7 100644 --- a/2018/13xxx/CVE-2018-13137.json +++ b/2018/13xxx/CVE-2018-13137.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13137", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13137", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13468.json b/2018/13xxx/CVE-2018-13468.json index 1bed6f2c594..5b5f0acdc03 100644 --- a/2018/13xxx/CVE-2018-13468.json +++ b/2018/13xxx/CVE-2018-13468.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cavecoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cavecoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Cavecoin, an Ethereum token, has an 
integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cavecoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Cavecoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16021.json b/2018/16xxx/CVE-2018-16021.json index 9bbbf7ae833..5b23169ac45 100644 --- a/2018/16xxx/CVE-2018-16021.json +++ b/2018/16xxx/CVE-2018-16021.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106158", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106158" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 
2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106158", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106158" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16403.json b/2018/16xxx/CVE-2018-16403.json index 7da2538f20e..d4266582dc4 100644 --- a/2018/16xxx/CVE-2018-16403.json +++ b/2018/16xxx/CVE-2018-16403.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23529" - }, - { - "name" : "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", - "refsource" : "MISC", - "url" : "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in 
dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda", + "refsource": "MISC", + "url": "https://sourceware.org/git/?p=elfutils.git;a=commit;h=6983e59b727458a6c64d9659c85f08218bc4fcda" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23529", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23529" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16438.json b/2018/16xxx/CVE-2018-16438.json index b9d92a39467..99119ca5a0c 100644 --- a/2018/16xxx/CVE-2018-16438.json +++ b/2018/16xxx/CVE-2018-16438.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5/h5stat" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16845.json b/2018/16xxx/CVE-2018-16845.json index 364e0451f8d..792d09e5622 100644 --- a/2018/16xxx/CVE-2018-16845.json +++ b/2018/16xxx/CVE-2018-16845.json 
@@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2018-16845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "nginx", - "version" : { - "version_data" : [ - { - "version_value" : "1.15.6" - }, - { - "version_value" : "1.14.1" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module." 
- } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-400" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "nginx", + "version": { + "version_data": [ + { + "version_value": "1.15.6" + }, + { + "version_value": "1.14.1" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" - }, - { - "name" : "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", - "refsource" : "MISC", - "url" : "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845" - }, - { - "name" : "DSA-4335", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4335" - }, - { - "name" : "RHSA-2018:3652", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3652" - }, - { - "name" : "RHSA-2018:3653", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3653" - }, - { - "name" : "RHSA-2018:3680", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3680" - }, - { - "name" : "RHSA-2018:3681", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3681" - }, - { - "name" : "USN-3812-1", - "refsource" : "UBUNTU", - "url" : 
"https://usn.ubuntu.com/3812-1/" - }, - { - "name" : "105868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105868" - }, - { - "name" : "1042039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4335", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4335" + }, + { + "name": "RHSA-2018:3680", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3680" + }, + { + "name": "RHSA-2018:3681", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3681" + }, + { + "name": "105868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105868" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16845" + }, + { + "name": "1042039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042039" + }, + { + "name": "[debian-lts-announce] 20181108 [SECURITY] [DLA 1572-1] nginx security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00010.html" + }, + { + "name": "RHSA-2018:3653", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3653" + }, + { + "name": "RHSA-2018:3652", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3652" + }, + { + "name": "USN-3812-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3812-1/" + }, + { + "name": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", + "refsource": "MISC", + "url": "http://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16974.json b/2018/16xxx/CVE-2018-16974.json index a5733577dd9..f8c283ff343 100644 --- a/2018/16xxx/CVE-2018-16974.json 
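Review bot: The `vectorString` under `impact.cvss` in the CVE-2018-16845 record is carried over unchanged as `8.2/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H`, which is not a well-formed CVSS v3.0 vector. A v3.0 vector begins with the `CVSS:3.0/` label, and the leading `8.2/` looks like the base score fused into the string. Tooling that parses or validates the vector to prioritise this nginx issue may reject the value or treat the record as unscored. I would write `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"` and carry the score in its own field, such as `"baseScore": 8.2`, if the consuming schema accepts one. The same hunk also changes `ASSIGNER` to `secalert@redhat.com`, the only non-formatting value change visible in it, which is worth calling out separately from the whitespace normalisation.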
+++ b/2018/16xxx/CVE-2018-16974.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0", - "refsource" : "MISC", - "url" : "https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0" - }, - { - "name" : "https://github.com/jbroadway/elefant/issues/287", - "refsource" : "MISC", - "url" : "https://github.com/jbroadway/elefant/issues/287" - }, - { - "name" : "https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable", - "refsource" : "MISC", - "url" : "https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable", + "refsource": "MISC", + "url": "https://github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stable" + }, + { + "name": "https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0", + "refsource": "MISC", + "url": "https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0" + }, + { + "name": "https://github.com/jbroadway/elefant/issues/287", + "refsource": "MISC", + "url": "https://github.com/jbroadway/elefant/issues/287" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17025.json b/2018/17xxx/CVE-2018-17025.json index 714ef44393e..2c947637174 100644 --- a/2018/17xxx/CVE-2018-17025.json +++ b/2018/17xxx/CVE-2018-17025.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/458", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/458" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/458", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/458" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17113.json b/2018/17xxx/CVE-2018-17113.json index 805c9e5bcd7..8f12a860c24 100644 --- a/2018/17xxx/CVE-2018-17113.json +++ b/2018/17xxx/CVE-2018-17113.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/teameasy/EasyCMS/issues/7", - "refsource" : "MISC", - "url" : "https://github.com/teameasy/EasyCMS/issues/7" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf in EasyCMS 1.5 has XSS via the uploadifyID or movieName parameter, a related issue to CVE-2018-9173." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/teameasy/EasyCMS/issues/7", + "refsource": "MISC", + "url": "https://github.com/teameasy/EasyCMS/issues/7" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17147.json b/2018/17xxx/CVE-2018-17147.json index 0fe927cfed2..81fdb3e3cb0 100644 --- a/2018/17xxx/CVE-2018-17147.json +++ b/2018/17xxx/CVE-2018-17147.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17147", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17147", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17482.json b/2018/17xxx/CVE-2018-17482.json index 7d283c70325..62566b271b3 100644 --- a/2018/17xxx/CVE-2018-17482.json +++ b/2018/17xxx/CVE-2018-17482.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17482", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17482", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file