From cebdbfa93610a9c4f0d0eaef47f1a4e94f4a25e6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 06:09:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0756.json | 34 +-- 2004/0xxx/CVE-2004-0784.json | 180 +++++++------- 2004/0xxx/CVE-2004-0797.json | 310 ++++++++++++------------ 2004/1xxx/CVE-2004-1174.json | 160 ++++++------- 2004/1xxx/CVE-2004-1372.json | 180 +++++++------- 2004/1xxx/CVE-2004-1546.json | 190 +++++++-------- 2004/1xxx/CVE-2004-1579.json | 130 +++++----- 2008/3xxx/CVE-2008-3125.json | 170 ++++++------- 2008/3xxx/CVE-2008-3402.json | 170 ++++++------- 2008/3xxx/CVE-2008-3983.json | 160 ++++++------- 2008/4xxx/CVE-2008-4194.json | 150 ++++++------ 2008/4xxx/CVE-2008-4791.json | 150 ++++++------ 2008/6xxx/CVE-2008-6193.json | 130 +++++----- 2008/6xxx/CVE-2008-6463.json | 140 +++++------ 2008/6xxx/CVE-2008-6892.json | 150 ++++++------ 2008/7xxx/CVE-2008-7283.json | 130 +++++----- 2008/7xxx/CVE-2008-7318.json | 34 +-- 2013/2xxx/CVE-2013-2300.json | 130 +++++----- 2013/2xxx/CVE-2013-2333.json | 140 +++++------ 2013/2xxx/CVE-2013-2492.json | 200 ++++++++-------- 2013/2xxx/CVE-2013-2495.json | 130 +++++----- 2013/2xxx/CVE-2013-2862.json | 150 ++++++------ 2013/2xxx/CVE-2013-2917.json | 190 +++++++-------- 2013/6xxx/CVE-2013-6485.json | 190 +++++++-------- 2013/6xxx/CVE-2013-6861.json | 150 ++++++------ 2017/11xxx/CVE-2017-11273.json | 140 +++++------ 2017/11xxx/CVE-2017-11356.json | 140 +++++------ 2017/11xxx/CVE-2017-11391.json | 142 +++++------ 2017/14xxx/CVE-2017-14000.json | 130 +++++----- 2017/14xxx/CVE-2017-14529.json | 140 +++++------ 2017/14xxx/CVE-2017-14782.json | 34 +-- 2017/14xxx/CVE-2017-14928.json | 120 +++++----- 2017/15xxx/CVE-2017-15019.json | 120 +++++----- 2017/15xxx/CVE-2017-15051.json | 130 +++++----- 2017/15xxx/CVE-2017-15154.json | 34 +-- 2017/15xxx/CVE-2017-15182.json | 34 +-- 2017/15xxx/CVE-2017-15438.json | 34 +-- 2017/15xxx/CVE-2017-15447.json | 34 +-- 2017/15xxx/CVE-2017-15612.json | 120 +++++----- 2017/9xxx/CVE-2017-9109.json | 34 +-- 2017/9xxx/CVE-2017-9542.json | 140 +++++------ 2017/9xxx/CVE-2017-9732.json | 150 ++++++------ 2018/0xxx/CVE-2018-0365.json | 130 +++++----- 2018/0xxx/CVE-2018-0805.json | 142 +++++------ 2018/0xxx/CVE-2018-0998.json | 176 +++++++------- 2018/1000xxx/CVE-2018-1000623.json | 126 +++++----- 2018/1000xxx/CVE-2018-1000846.json | 136 +++++------ 2018/12xxx/CVE-2018-12041.json | 130 +++++----- 2018/12xxx/CVE-2018-12050.json | 34 +-- 2018/12xxx/CVE-2018-12140.json | 34 +-- 2018/12xxx/CVE-2018-12366.json | 372 ++++++++++++++--------------- 2018/12xxx/CVE-2018-12795.json | 140 +++++------ 2018/14xxx/CVE-2018-14486.json | 53 +++- 2018/16xxx/CVE-2018-16181.json | 130 +++++----- 2018/16xxx/CVE-2018-16776.json | 120 +++++----- 2018/4xxx/CVE-2018-4140.json | 140 +++++------ 2018/4xxx/CVE-2018-4586.json | 34 +-- 2018/4xxx/CVE-2018-4596.json | 34 +-- 2018/4xxx/CVE-2018-4903.json | 140 +++++------ 59 files changed, 3822 insertions(+), 3773 deletions(-) diff --git a/2004/0xxx/CVE-2004-0756.json b/2004/0xxx/CVE-2004-0756.json index cf0de968dc7..cb79db19482 100644 --- a/2004/0xxx/CVE-2004-0756.json +++ b/2004/0xxx/CVE-2004-0756.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0756", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0756", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0784.json b/2004/0xxx/CVE-2004-0784.json index 7f75705af92..36d5929a1b2 100644 --- a/2004/0xxx/CVE-2004-0784.json +++ b/2004/0xxx/CVE-2004-0784.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gaim.sourceforge.net/security/?id=1", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/security/?id=1" - }, - { - "name" : "FEDORA-2004-278", - "refsource" : "FEDORA", - "url" : "http://www.fedoranews.org/updates/FEDORA-2004-278.shtml" - }, - { - "name" : "FEDORA-2004-279", - "refsource" : "FEDORA", - "url" : "http://www.fedoranews.org/updates/FEDORA-2004-279.shtml" - }, - { - "name" : "GLSA-200408-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml" - }, - { - "name" : "RHSA-2004:400", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-400.html" - }, - { - "name" : "oval:org.mitre.oval:def:10008", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008" - }, - { - "name" : "gaim-smiley-command-execution(17144)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2004-278", + "refsource": "FEDORA", + "url": "http://www.fedoranews.org/updates/FEDORA-2004-278.shtml" + }, + { + "name": "FEDORA-2004-279", + "refsource": "FEDORA", + "url": "http://www.fedoranews.org/updates/FEDORA-2004-279.shtml" + }, + { + "name": "GLSA-200408-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml" + }, + { + "name": "http://gaim.sourceforge.net/security/?id=1", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/security/?id=1" + }, + { + "name": "oval:org.mitre.oval:def:10008", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008" + }, + { + "name": "RHSA-2004:400", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-400.html" + }, + { + "name": "gaim-smiley-command-execution(17144)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17144" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0797.json b/2004/0xxx/CVE-2004-0797.json index 5c6f2501739..4bb65d4ba65 100644 --- a/2004/0xxx/CVE-2004-0797.json +++ b/2004/0xxx/CVE-2004-0797.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253" - }, - { - "name" : "20040825 [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109353792914900&w=2" - }, - { - "name" : "CLA-2004:865", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865" - }, - { - "name" : "CLA-2004:878", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878" - }, - { - "name" : "FLSA:2043", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2043" - }, - { - "name" : "GLSA-200408-26", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200408-26.xml" - }, - { - "name" : "MDKSA-2004:090", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:090" - }, - { - "name" : "SCOSA-2004.17", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt" - }, - { - "name" : "SCOSA-2006.6", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" - }, - { - "name" : "SSA:2004-278", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.319160" - }, - { - "name" : "SUSE-SA:2004:029", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_29_zlib.html" - }, - { - "name" : "VU#238678", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/238678" - }, - { - "name" : "11051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11051" - }, - { - "name" : "9360", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9360" - }, - { - "name" : "9361", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9361" - }, - { - "name" : "11129", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11129" - }, - { - "name" : "1011085", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011085" - }, - { - "name" : "18377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18377" - }, - { - "name" : "17054", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17054" - }, - { - "name" : "zlib-inflate-inflateback-dos(17119)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11051" + }, + { + "name": "9361", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9361" + }, + { + "name": "9360", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9360" + }, + { + "name": "GLSA-200408-26", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200408-26.xml" + }, + { + "name": "17054", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17054" + }, + { + "name": "CLA-2004:865", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000865" + }, + { + "name": "zlib-inflate-inflateback-dos(17119)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17119" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253" + }, + { + "name": "VU#238678", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/238678" + }, + { + "name": "SUSE-SA:2004:029", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_29_zlib.html" + }, + { + "name": "1011085", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011085" + }, + { + "name": "CLA-2004:878", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000878" + }, + { + "name": "MDKSA-2004:090", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:090" + }, + { + "name": "11129", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11129" + }, + { + "name": "SSA:2004-278", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.319160" + }, + { + "name": "SCOSA-2006.6", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt" + }, + { + "name": "18377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18377" + }, + { + "name": "FLSA:2043", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2043" + }, + { + "name": "20040825 [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109353792914900&w=2" + }, + { + "name": "SCOSA-2004.17", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.17/SCOSA-2004.17.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1174.json b/2004/1xxx/CVE-2004-1174.json index 6d21e232caf..366e02d41a5 100644 --- a/2004/1xxx/CVE-2004-1174.json +++ b/2004/1xxx/CVE-2004-1174.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by \"manipulating non-existing file handles.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-639", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-639" - }, - { - "name" : "RHSA-2005:512", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-512.html" - }, - { - "name" : "1012903", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012903" - }, - { - "name" : "13863", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13863/" - }, - { - "name" : "midnight-commander-direntry-dos(18909)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by \"manipulating non-existing file handles.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "13863", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13863/" + }, + { + "name": "1012903", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012903" + }, + { + "name": "DSA-639", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-639" + }, + { + "name": "midnight-commander-direntry-dos(18909)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18909" + }, + { + "name": "RHSA-2005:512", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-512.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1372.json b/2004/1xxx/CVE-2004-1372.json index 24587a4e053..cec44cf6230 100644 --- a/2004/1xxx/CVE-2004-1372.json +++ b/2004/1xxx/CVE-2004-1372.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382730431065&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/db223122004K.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/db223122004K.txt" - }, - { - "name" : "20041223 IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382462924162&w=2" - }, - { - "name" : "http://www.ngssoftware.com/advisories/db223122004L.txt", - "refsource" : "MISC", - "url" : "http://www.ngssoftware.com/advisories/db223122004L.txt" - }, - { - "name" : "11089", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11089" - }, - { - "name" : "db2-rec2xml-bo(18682)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18682" - }, - { - "name" : "db2-generatedistfile-bo(18663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041223 IBM DB2 generate_distfile buffer overflow vulnerability (#NISR2122004L)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382462924162&w=2" + }, + { + "name": "20041223 IBM DB2 rec2xml buffer overflow vulnerability (#NISR2122004J)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382730431065&w=2" + }, + { + "name": "db2-rec2xml-bo(18682)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18682" + }, + { + "name": "db2-generatedistfile-bo(18663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18663" + }, + { + "name": "11089", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11089" + }, + { + "name": "http://www.ngssoftware.com/advisories/db223122004L.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/db223122004L.txt" + }, + { + "name": "http://www.ngssoftware.com/advisories/db223122004K.txt", + "refsource": "MISC", + "url": "http://www.ngssoftware.com/advisories/db223122004K.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1546.json b/2004/1xxx/CVE-2004-1546.json index 273593a1a03..91077d9239a 100644 --- a/2004/1xxx/CVE-2004-1546.json +++ b/2004/1xxx/CVE-2004-1546.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040922 Remote buffer overflow in MDaemon IMAP and SMTP server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109591179510781&w=2" - }, - { - "name" : "20040922 Remote buffer overflow in MDaemon IMAP and SMTP server", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026770.html" - }, - { - "name" : "http://www.securitylab.ru/48146.html", - "refsource" : "MISC", - "url" : "http://www.securitylab.ru/48146.html" - }, - { - "name" : "11238", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11238" - }, - { - "name" : "10223", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10223" - }, - { - "name" : "10224", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10224" - }, - { - "name" : "mdaemon-imap-list-bo(17476)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17476" - }, - { - "name" : "mdaemon-smtp-bo(17477)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17477" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040922 Remote buffer overflow in MDaemon IMAP and SMTP server", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026770.html" + }, + { + "name": "10224", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10224" + }, + { + "name": "10223", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10223" + }, + { + "name": "mdaemon-smtp-bo(17477)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17477" + }, + { + "name": "mdaemon-imap-list-bo(17476)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17476" + }, + { + "name": "http://www.securitylab.ru/48146.html", + "refsource": "MISC", + "url": "http://www.securitylab.ru/48146.html" + }, + { + "name": "20040922 Remote buffer overflow in MDaemon IMAP and SMTP server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109591179510781&w=2" + }, + { + "name": "11238", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11238" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1579.json b/2004/1xxx/CVE-2004-1579.json index 5c65181d5d6..8cd0ce9651a 100644 --- a/2004/1xxx/CVE-2004-1579.json +++ b/2004/1xxx/CVE-2004-1579.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041006 Full path disclosure and sql injection on CubeCart 2.0.1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109713382400457&w=2" - }, - { - "name" : "cubecart-catid-path-disclosure(17630)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041006 Full path disclosure and sql injection on CubeCart 2.0.1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109713382400457&w=2" + }, + { + "name": "cubecart-catid-path-disclosure(17630)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17630" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3125.json b/2008/3xxx/CVE-2008-3125.json index b297c845885..a62da1a77a9 100644 --- a/2008/3xxx/CVE-2008-3125.json +++ b/2008/3xxx/CVE-2008-3125.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6027", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6027" - }, - { - "name" : "6020", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6020" - }, - { - "name" : "30127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30127" - }, - { - "name" : "ADV-2008-2034", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2034/references" - }, - { - "name" : "31004", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31004" - }, - { - "name" : "lastminutescript-index-sql-injection(43641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6020", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6020" + }, + { + "name": "30127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30127" + }, + { + "name": "ADV-2008-2034", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2034/references" + }, + { + "name": "31004", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31004" + }, + { + "name": "lastminutescript-index-sql-injection(43641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43641" + }, + { + "name": "6027", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6027" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3402.json b/2008/3xxx/CVE-2008-3402.json index 02efc277995..8027c859f84 100644 --- a/2008/3xxx/CVE-2008-3402.json +++ b/2008/3xxx/CVE-2008-3402.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080730 HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494930/100/0/threaded" - }, - { - "name" : "6162", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6162" - }, - { - "name" : "30436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30436" - }, - { - "name" : "31299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31299" - }, - { - "name" : "4083", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4083" - }, - { - "name" : "hioxwebbrowsers-multiple-file-include(44064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6162", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6162" + }, + { + "name": "hioxwebbrowsers-multiple-file-include(44064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44064" + }, + { + "name": "20080730 HIOX Browser Statistics 2.0 Remote File Inclusion Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494930/100/0/threaded" + }, + { + "name": "31299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31299" + }, + { + "name": "4083", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4083" + }, + { + "name": "30436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30436" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3983.json b/2008/3xxx/CVE-2008-3983.json index f553b3b24b5..fbd6c9e4a0d 100644 --- a/2008/3xxx/CVE-2008-3983.json +++ b/2008/3xxx/CVE-2008-3983.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" - }, - { - "name" : "ADV-2008-2825", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2825" - }, - { - "name" : "1021050", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021050" - }, - { - "name" : "32291", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32291" - }, - { - "name" : "oracle-database-workspace-priv-escalation2(45886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3984." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" + }, + { + "name": "32291", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32291" + }, + { + "name": "oracle-database-workspace-priv-escalation2(45886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45886" + }, + { + "name": "1021050", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021050" + }, + { + "name": "ADV-2008-2825", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2825" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4194.json b/2008/4xxx/CVE-2008-4194.json index 03f74449490..86f85aea8df 100644 --- a/2008/4xxx/CVE-2008-4194.json +++ b/2008/4xxx/CVE-2008-4194.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4194", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a \"dangling pointer bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phys.uu.nl/~rombouts/pdnsd.html", - "refsource" : "CONFIRM", - "url" : "http://www.phys.uu.nl/~rombouts/pdnsd.html" - }, - { - "name" : "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog" - }, - { - "name" : "ADV-2008-2582", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2582" - }, - { - "name" : "pdnsd-pexecquery-dos(45594)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45594" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a \"dangling pointer bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phys.uu.nl/~rombouts/pdnsd.html", + "refsource": "CONFIRM", + "url": "http://www.phys.uu.nl/~rombouts/pdnsd.html" + }, + { + "name": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog" + }, + { + "name": "pdnsd-pexecquery-dos(45594)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45594" + }, + { + "name": "ADV-2008-2582", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2582" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4791.json b/2008/4xxx/CVE-2008-4791.json index 6cbc86f8c82..ffc2183dbdd 100644 --- a/2008/4xxx/CVE-2008-4791.json +++ b/2008/4xxx/CVE-2008-4791.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/21/7" - }, - { - "name" : "http://drupal.org/node/318706", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/318706" - }, - { - "name" : "32201", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32201" - }, - { - "name" : "drupal-usermodule-security-bypass(45766)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45766" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/318706", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/318706" + }, + { + "name": "drupal-usermodule-security-bypass(45766)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45766" + }, + { + "name": "32201", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32201" + }, + { + "name": "[oss-security] 20081021 CVE req: drupal < 5.11/6.5", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/21/7" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6193.json b/2008/6xxx/CVE-2008-6193.json index b8e92520bcd..f2ea76d283f 100644 --- a/2008/6xxx/CVE-2008-6193.json +++ b/2008/6xxx/CVE-2008-6193.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5913", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5913" - }, - { - "name" : "myblog-password-information-disclosure(48843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48843" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5913", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5913" + }, + { + "name": "myblog-password-information-disclosure(48843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48843" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6463.json b/2008/6xxx/CVE-2008-6463.json index 3fc752c5121..6f7ad986fff 100644 --- a/2008/6xxx/CVE-2008-6463.json +++ b/2008/6xxx/CVE-2008-6463.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" - }, - { - "name" : "31260", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31260" - }, - { - "name" : "48279", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48279", + "refsource": "OSVDB", + "url": "http://osvdb.org/48279" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/" + }, + { + "name": "31260", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31260" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6892.json b/2008/6xxx/CVE-2008-6892.json index e47d360a2bc..19a5374ea15 100644 --- a/2008/6xxx/CVE-2008-6892.json +++ b/2008/6xxx/CVE-2008-6892.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7395", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7395" - }, - { - "name" : "32715", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32715" - }, - { - "name" : "50604", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50604" - }, - { - "name" : "33073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33073" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33073" + }, + { + "name": "50604", + "refsource": "OSVDB", + "url": "http://osvdb.org/50604" + }, + { + "name": "32715", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32715" + }, + { + "name": "7395", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7395" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7283.json b/2008/7xxx/CVE-2008-7283.json index a37b2e9b120..22d1a0d5c7d 100644 --- a/2008/7xxx/CVE-2008-7283.json +++ b/2008/7xxx/CVE-2008-7283.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.otrs.org/show_bug.cgi?id=2544", - "refsource" : "CONFIRM", - "url" : "http://bugs.otrs.org/show_bug.cgi?id=2544" - }, - { - "name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", - "refsource" : "CONFIRM", - "url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.otrs.org/show_bug.cgi?id=2544", + "refsource": "CONFIRM", + "url": "http://bugs.otrs.org/show_bug.cgi?id=2544" + }, + { + "name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", + "refsource": "CONFIRM", + "url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7318.json b/2008/7xxx/CVE-2008-7318.json index e42fb096519..d0e910672d5 100644 --- a/2008/7xxx/CVE-2008-7318.json +++ b/2008/7xxx/CVE-2008-7318.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7318", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7318", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2300.json b/2013/2xxx/CVE-2013-2300.json index 7288c49b6ff..59c21bc6264 100644 --- a/2013/2xxx/CVE-2013-2300.json +++ b/2013/2xxx/CVE-2013-2300.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2013-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#11434157", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN11434157/index.html" - }, - { - "name" : "JVNDB-2013-000028", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000028" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2013-000028", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000028" + }, + { + "name": "JVN#11434157", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN11434157/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2333.json b/2013/2xxx/CVE-2013-2333.json index 351c9e4208c..b4e99561e2e 100644 --- a/2013/2xxx/CVE-2013-2333.json +++ b/2013/2xxx/CVE-2013-2333.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2013-2333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02883", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101053", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - }, - { - "name" : "SSRT101227", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101227", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "SSRT101053", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + }, + { + "name": "HPSBMU02883", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2492.json b/2013/2xxx/CVE-2013-2492.json index 0294bc37cc1..774ed0b4a0f 100644 --- a/2013/2xxx/CVE-2013-2492.json +++ b/2013/2xxx/CVE-2013-2492.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2492", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/zeroSteiner/85daef257831d904479c", - "refsource" : "MISC", - "url" : "https://gist.github.com/zeroSteiner/85daef257831d904479c" - }, - { - "name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" - }, - { - "name" : "http://tracker.firebirdsql.org/browse/CORE-4058", - "refsource" : "CONFIRM", - "url" : "http://tracker.firebirdsql.org/browse/CORE-4058" - }, - { - "name" : "DSA-2647", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2647" - }, - { - "name" : "DSA-2648", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2648" - }, - { - "name" : "GLSA-201512-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201512-11" - }, - { - "name" : "openSUSE-SU-2013:0496", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" - }, - { - "name" : "openSUSE-SU-2013:0504", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" - }, - { - "name" : "58393", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/58393" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201512-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201512-11" + }, + { + "name": "https://gist.github.com/zeroSteiner/85daef257831d904479c", + "refsource": "MISC", + "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" + }, + { + "name": "openSUSE-SU-2013:0496", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" + }, + { + "name": "58393", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/58393" + }, + { + "name": "DSA-2648", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2648" + }, + { + "name": "http://tracker.firebirdsql.org/browse/CORE-4058", + "refsource": "CONFIRM", + "url": "http://tracker.firebirdsql.org/browse/CORE-4058" + }, + { + "name": "openSUSE-SU-2013:0504", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" + }, + { + "name": "DSA-2647", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2647" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2495.json b/2013/2xxx/CVE-2013-2495.json index 4c6521817fd..d5d60f88a86 100644 --- a/2013/2xxx/CVE-2013-2495.json +++ b/2013/2xxx/CVE-2013-2495.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba" - }, - { - "name" : "USN-1790-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1790-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3dbc0ff9c3e6f6e0d08ea3d42cb33761bae084ba" + }, + { + "name": "USN-1790-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1790-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2862.json b/2013/2xxx/CVE-2013-2862.json index 3b4e00fcb78..028b8d0debc 100644 --- a/2013/2xxx/CVE-2013-2862.json +++ b/2013/2xxx/CVE-2013-2862.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=161077", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=161077" - }, - { - "name" : "DSA-2706", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2706" - }, - { - "name" : "oval:org.mitre.oval:def:16710", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=161077", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=161077" + }, + { + "name": "oval:org.mitre.oval:def:16710", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16710" + }, + { + "name": "DSA-2706", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2706" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2917.json b/2013/2xxx/CVE-2013-2917.json index b9b7ba92062..d7d2918f925 100644 --- a/2013/2xxx/CVE-2013-2917.json +++ b/2013/2xxx/CVE-2013-2917.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=281480", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=281480" - }, - { - "name" : "https://src.chromium.org/viewvc/blink?revision=157007&view=revision", - "refsource" : "CONFIRM", - "url" : "https://src.chromium.org/viewvc/blink?revision=157007&view=revision" - }, - { - "name" : "DSA-2785", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2785" - }, - { - "name" : "openSUSE-SU-2013:1556", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" - }, - { - "name" : "openSUSE-SU-2013:1861", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" - }, - { - "name" : "openSUSE-SU-2014:0065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" - }, - { - "name" : "oval:org.mitre.oval:def:18820", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReverbConvolverStage::ReverbConvolverStage function in core/platform/audio/ReverbConvolverStage.cpp in the Web Audio implementation in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the impulseResponse array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html" + }, + { + "name": "openSUSE-SU-2014:0065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html" + }, + { + "name": "DSA-2785", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2785" + }, + { + "name": "openSUSE-SU-2013:1556", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html" + }, + { + "name": "https://src.chromium.org/viewvc/blink?revision=157007&view=revision", + "refsource": "CONFIRM", + "url": "https://src.chromium.org/viewvc/blink?revision=157007&view=revision" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=281480", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=281480" + }, + { + "name": "openSUSE-SU-2013:1861", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html" + }, + { + "name": "oval:org.mitre.oval:def:18820", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18820" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6485.json b/2013/6xxx/CVE-2013-6485.json index c1918d35fb0..97526b14308 100644 --- a/2013/6xxx/CVE-2013-6485.json +++ b/2013/6xxx/CVE-2013-6485.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-6485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd", - "refsource" : "CONFIRM", - "url" : "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" - }, - { - "name" : "http://pidgin.im/news/security/?id=80", - "refsource" : "CONFIRM", - "url" : "http://pidgin.im/news/security/?id=80" - }, - { - "name" : "DSA-2859", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2014/dsa-2859" - }, - { - "name" : "RHSA-2014:0139", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2014-0139.html" - }, - { - "name" : "openSUSE-SU-2014:0239", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" - }, - { - "name" : "openSUSE-SU-2014:0326", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" - }, - { - "name" : "USN-2100-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-2100-1" - }, - { - "name" : "65243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/65243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chunk-size field in chunked transfer-coding data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2014:0326", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00005.html" + }, + { + "name": "http://pidgin.im/news/security/?id=80", + "refsource": "CONFIRM", + "url": "http://pidgin.im/news/security/?id=80" + }, + { + "name": "RHSA-2014:0139", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2014-0139.html" + }, + { + "name": "DSA-2859", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2014/dsa-2859" + }, + { + "name": "openSUSE-SU-2014:0239", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00039.html" + }, + { + "name": "65243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/65243" + }, + { + "name": "USN-2100-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-2100-1" + }, + { + "name": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd", + "refsource": "CONFIRM", + "url": "http://hg.pidgin.im/pidgin/main/rev/c9e5aba2dafd" + } + ] + } +} \ No newline at end of file diff --git a/2013/6xxx/CVE-2013-6861.json b/2013/6xxx/CVE-2013-6861.json index b5854ac2937..dfcf6c456e2 100644 --- a/2013/6xxx/CVE-2013-6861.json +++ b/2013/6xxx/CVE-2013-6861.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-6861", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-6861", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://scn.sap.com/docs/DOC-8218", - "refsource" : "CONFIRM", - "url" : "http://scn.sap.com/docs/DOC-8218" - }, - { - "name" : "http://www.sybase.com/detail?id=1099371", - "refsource" : "CONFIRM", - "url" : "http://www.sybase.com/detail?id=1099371" - }, - { - "name" : "https://service.sap.com/sap/support/notes/1809246", - "refsource" : "CONFIRM", - "url" : "https://service.sap.com/sap/support/notes/1809246" - }, - { - "name" : "55537", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55537" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://service.sap.com/sap/support/notes/1809246", + "refsource": "CONFIRM", + "url": "https://service.sap.com/sap/support/notes/1809246" + }, + { + "name": "http://www.sybase.com/detail?id=1099371", + "refsource": "CONFIRM", + "url": "http://www.sybase.com/detail?id=1099371" + }, + { + "name": "http://scn.sap.com/docs/DOC-8218", + "refsource": "CONFIRM", + "url": "http://scn.sap.com/docs/DOC-8218" + }, + { + "name": "55537", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55537" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11273.json b/2017/11xxx/CVE-2017-11273.json index 1ec8535df25..d2354fbcdba 100644 --- a/2017/11xxx/CVE-2017-11273.json +++ b/2017/11xxx/CVE-2017-11273.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.6 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.6 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unsafe parsing of XML External Entities" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.6 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.6 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" - }, - { - "name" : "101839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101839" - }, - { - "name" : "1039798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unsafe parsing of XML External Entities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101839" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" + }, + { + "name": "1039798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039798" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11356.json b/2017/11xxx/CVE-2017-11356.json index 1a228a7a5ff..d6eaff38192 100644 --- a/2017/11xxx/CVE-2017-11356.json +++ b/2017/11xxx/CVE-2017-11356.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42335", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42335/" - }, - { - "name" : "20170717 PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/28" - }, - { - "name" : "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve", - "refsource" : "CONFIRM", - "url" : "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve", + "refsource": "CONFIRM", + "url": "https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve" + }, + { + "name": "42335", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42335/" + }, + { + "name": "20170717 PEGA Platform <= 7.2 ML0 - Multiple vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/28" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11391.json b/2017/11xxx/CVE-2017-11391.json index 628efe1b7c0..fd270ff64d9 100644 --- a/2017/11xxx/CVE-2017-11391.json +++ b/2017/11xxx/CVE-2017-11391.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "DATE_PUBLIC" : "2017-07-20T00:00:00", - "ID" : "CVE-2017-11391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro InterScan Messaging Security Virtual Appliance", - "version" : { - "version_data" : [ - { - "version_value" : "9.0,9.1" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the \"t\" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Proxy Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "DATE_PUBLIC": "2017-07-20T00:00:00", + "ID": "CVE-2017-11391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro InterScan Messaging Security Virtual Appliance", + "version": { + "version_data": [ + { + "version_value": "9.0,9.1" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-502", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-502" - }, - { - "name" : "https://success.trendmicro.com/solution/1117723", - "refsource" : "MISC", - "url" : "https://success.trendmicro.com/solution/1117723" - }, - { - "name" : "100075", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100075" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the \"t\" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Proxy Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100075", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100075" + }, + { + "name": "https://success.trendmicro.com/solution/1117723", + "refsource": "MISC", + "url": "https://success.trendmicro.com/solution/1117723" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-502", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-502" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14000.json b/2017/14xxx/CVE-2017-14000.json index 902c5621963..fb74f68f85a 100644 --- a/2017/14xxx/CVE-2017-14000.json +++ b/2017/14xxx/CVE-2017-14000.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-14000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Ctek, Inc. SkyRouter", - "version" : { - "version_data" : [ - { - "version_value" : "Ctek, Inc. SkyRouter" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-14000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ctek, Inc. SkyRouter", + "version": { + "version_data": [ + { + "version_value": "Ctek, Inc. SkyRouter" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-02" - }, - { - "name" : "100953", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100953", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100953" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-264-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14529.json b/2017/14xxx/CVE-2017-14529.json index 19453735eda..8cba0288525 100644 --- a/2017/14xxx/CVE-2017-14529.json +++ b/2017/14xxx/CVE-2017-14529.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22113" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6" - }, - { - "name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The pe_print_idata function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles HintName vector entries, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted PE file, related to the bfd_getl16 function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22113", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22113" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582" + }, + { + "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6", + "refsource": "CONFIRM", + "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14782.json b/2017/14xxx/CVE-2017-14782.json index f78b62b5884..957a5d12f98 100644 --- a/2017/14xxx/CVE-2017-14782.json +++ b/2017/14xxx/CVE-2017-14782.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14782", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-14782", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14928.json b/2017/14xxx/CVE-2017-14928.json index cd9f68a297c..00784415394 100644 --- a/2017/14xxx/CVE-2017-14928.json +++ b/2017/14xxx/CVE-2017-14928.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=102607", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=102607" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.freedesktop.org/show_bug.cgi?id=102607", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/show_bug.cgi?id=102607" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15019.json b/2017/15xxx/CVE-2017-15019.json index b409721e09d..c126c3181ae 100644 --- a/2017/15xxx/CVE-2017-15019.json +++ b/2017/15xxx/CVE-2017-15019.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/lame/bugs/477/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/lame/bugs/477/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init function within libmp3lame/mpglib_interface.c via a malformed mpg file, because of an incorrect calloc call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/lame/bugs/477/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/lame/bugs/477/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15051.json b/2017/15xxx/CVE-2017-15051.json index b069cea7fe2..1172eed2e80 100644 --- a/2017/15xxx/CVE-2017-15051.json +++ b/2017/15xxx/CVE-2017-15051.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15051", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15051", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.amossys.fr/teampass-multiple-cve-01.html", - "refsource" : "MISC", - "url" : "http://blog.amossys.fr/teampass-multiple-cve-01.html" - }, - { - "name" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f", - "refsource" : "MISC", - "url" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.amossys.fr/teampass-multiple-cve-01.html", + "refsource": "MISC", + "url": "http://blog.amossys.fr/teampass-multiple-cve-01.html" + }, + { + "name": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f", + "refsource": "MISC", + "url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15154.json b/2017/15xxx/CVE-2017-15154.json index e5f59c4a7dd..9a471558128 100644 --- a/2017/15xxx/CVE-2017-15154.json +++ b/2017/15xxx/CVE-2017-15154.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15154", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15154", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15182.json b/2017/15xxx/CVE-2017-15182.json index 0753fbd9f90..fb9284dec8c 100644 --- a/2017/15xxx/CVE-2017-15182.json +++ b/2017/15xxx/CVE-2017-15182.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15182", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15182", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15438.json b/2017/15xxx/CVE-2017-15438.json index 2d0799a4a72..109ed2c5fd8 100644 --- a/2017/15xxx/CVE-2017-15438.json +++ b/2017/15xxx/CVE-2017-15438.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15438", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15438", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15447.json b/2017/15xxx/CVE-2017-15447.json index 19b3e82ad79..0aaae92a5a6 100644 --- a/2017/15xxx/CVE-2017-15447.json +++ b/2017/15xxx/CVE-2017-15447.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15447", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15447", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15612.json b/2017/15xxx/CVE-2017-15612.json index 53cf7181d24..ab0bea1c491 100644 --- a/2017/15xxx/CVE-2017-15612.json +++ b/2017/15xxx/CVE-2017-15612.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\\nscript:) or a crafted email address, related to the escape and autolink functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lepture/mistune/pull/140", - "refsource" : "CONFIRM", - "url" : "https://github.com/lepture/mistune/pull/140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\\nscript:) or a crafted email address, related to the escape and autolink functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lepture/mistune/pull/140", + "refsource": "CONFIRM", + "url": "https://github.com/lepture/mistune/pull/140" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9109.json b/2017/9xxx/CVE-2017-9109.json index be6bcfe899d..cb8d69d80ae 100644 --- a/2017/9xxx/CVE-2017-9109.json +++ b/2017/9xxx/CVE-2017-9109.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9109", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9109", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9542.json b/2017/9xxx/CVE-2017-9542.json index 1a77bc3c943..ff49c045ef6 100644 --- a/2017/9xxx/CVE-2017-9542.json +++ b/2017/9xxx/CVE-2017-9542.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/tiger_tigerboy/status/873458088321220609", - "refsource" : "MISC", - "url" : "https://twitter.com/tiger_tigerboy/status/873458088321220609" - }, - { - "name" : "https://www.facebook.com/tigerBOY777/videos/1368513696568992/", - "refsource" : "MISC", - "url" : "https://www.facebook.com/tigerBOY777/videos/1368513696568992/" - }, - { - "name" : "98992", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/tiger_tigerboy/status/873458088321220609", + "refsource": "MISC", + "url": "https://twitter.com/tiger_tigerboy/status/873458088321220609" + }, + { + "name": "https://www.facebook.com/tigerBOY777/videos/1368513696568992/", + "refsource": "MISC", + "url": "https://www.facebook.com/tigerBOY777/videos/1368513696568992/" + }, + { + "name": "98992", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98992" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9732.json b/2017/9xxx/CVE-2017-9732.json index bac593695f1..a6f8317ca67 100644 --- a/2017/9xxx/CVE-2017-9732.json +++ b/2017/9xxx/CVE-2017-9732.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181130 CVE-2017-9732: knc (kerberized netcat) memory exhaustion", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Nov/65" - }, - { - "name" : "http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html" - }, - { - "name" : "https://github.com/irsl/knc-memory-exhaustion/", - "refsource" : "MISC", - "url" : "https://github.com/irsl/knc-memory-exhaustion/" - }, - { - "name" : "https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1", - "refsource" : "CONFIRM", - "url" : "https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_packet function in knc (Kerberised NetCat) before 1.11-1 is vulnerable to denial of service (memory exhaustion) that can be exploited remotely without authentication, possibly affecting another services running on the targeted host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1", + "refsource": "CONFIRM", + "url": "https://github.com/elric1/knc/commit/f237f3e09ecbaf59c897f5046538a7b1a3fa40c1" + }, + { + "name": "20181130 CVE-2017-9732: knc (kerberized netcat) memory exhaustion", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Nov/65" + }, + { + "name": "http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/150534/knc-Kerberized-NetCat-Denial-Of-Service.html" + }, + { + "name": "https://github.com/irsl/knc-memory-exhaustion/", + "refsource": "MISC", + "url": "https://github.com/irsl/knc-memory-exhaustion/" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0365.json b/2018/0xxx/CVE-2018-0365.json index ff1c4b604f5..df3263924e0 100644 --- a/2018/0xxx/CVE-2018-0365.json +++ b/2018/0xxx/CVE-2018-0365.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2018-0365", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Management Center unknown", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Management Center unknown" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2018-0365", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Management Center unknown", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Management Center unknown" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf" - }, - { - "name" : "104519", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104519" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on the targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvb19750." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-firepower-csrf" + }, + { + "name": "104519", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104519" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0805.json b/2018/0xxx/CVE-2018-0805.json index c6bfd4cb0f7..cb74f5cdc3c 100644 --- a/2018/0xxx/CVE-2018-0805.json +++ b/2018/0xxx/CVE-2018-0805.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2018-01-09T00:00:00", - "ID" : "CVE-2018-0805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Equation Editor", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2018-01-09T00:00:00", + "ID": "CVE-2018-0805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Equation Editor", + "version": { + "version_data": [ + { + "version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805" - }, - { - "name" : "102459", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102459" - }, - { - "name" : "1040153", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040153" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0805" + }, + { + "name": "1040153", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040153" + }, + { + "name": "102459", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102459" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0998.json b/2018/0xxx/CVE-2018-0998.json index d3baa9df2b0..874efc4d671 100644 --- a/2018/0xxx/CVE-2018-0998.json +++ b/2018/0xxx/CVE-2018-0998.json @@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "Secure@Microsoft.com", - "ID" : "CVE-2018-0998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 Version 1607 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1607 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1703 for x64-based Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for 32-bit Systems" - }, - { - "version_value" : "Windows 10 Version 1709 for x64-based Systems" - }, - { - "version_value" : "Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-0998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1703 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0998", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0998" - }, - { - "name" : "103598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103598" - }, - { - "name" : "1040650", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040650" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103598" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0998", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0998" + }, + { + "name": "1040650", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040650" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000623.json b/2018/1000xxx/CVE-2018-1000623.json index ea5f9cbe454..ae677fa9c8c 100644 --- a/2018/1000xxx/CVE-2018-1000623.json +++ b/2018/1000xxx/CVE-2018-1000623.json @@ -1,65 +1,65 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-07-08T15:52:41.204371", - "DATE_REQUESTED" : "2018-06-26T14:19:44", - "ID" : "CVE-2018-1000623", - "REQUESTER" : "uriahl@jfrog.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "JFrog Artifactory", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to version 6.0.3, since version 4.0.0" - } - ] - } - } - ] - }, - "vendor_name" : "JFrog" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The \"Import Repository from Zip\" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known \"Zip Slip\" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-07-08T15:52:41.204371", + "DATE_REQUESTED": "2018-06-26T14:19:44", + "ID": "CVE-2018-1000623", + "REQUESTER": "uriahl@jfrog.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3", - "refsource" : "CONFIRM", - "url" : "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JFrog JFrog Artifactory version Prior to version 6.0.3, since version 4.0.0 contains a Directory Traversal vulnerability in The \"Import Repository from Zip\" feature, available through the Admin menu -> Import & Export -> Repositories, triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload) that can result in Directory traversal / file overwrite and remote code execution. This attack appear to be exploitable via An attacker with Admin privileges may use the aforementioned UI endpoint and exploit the publicly known \"Zip Slip\" vulnerability, to add/overwrite files outside the target directory. This vulnerability appears to have been fixed in 6.0.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3", + "refsource": "CONFIRM", + "url": "https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000846.json b/2018/1000xxx/CVE-2018-1000846.json index 03758cfc0f3..29733cc7ccb 100644 --- a/2018/1000xxx/CVE-2018-1000846.json +++ b/2018/1000xxx/CVE-2018-1000846.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-11-27T13:54:33.484138", - "DATE_REQUESTED" : "2018-11-14T20:29:08", - "ID" : "CVE-2018-1000846", - "REQUESTER" : "cve@max-weller.de", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FreshDNS", - "version" : { - "version_data" : [ - { - "version_value" : "1.0.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "FreshDNS" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross ite Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-11-27T13:54:33.484138", + "DATE_REQUESTED": "2018-11-14T20:29:08", + "ID": "CVE-2018-1000846", + "REQUESTER": "cve@max-weller.de", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/funzoneq/freshdns/issues/7", - "refsource" : "MISC", - "url" : "https://github.com/funzoneq/freshdns/issues/7" - }, - { - "name" : "https://github.com/funzoneq/freshdns/pull/6/commits/bdeff81bd4baff9463d46b90fb1889e7ac7ec4ed", - "refsource" : "MISC", - "url" : "https://github.com/funzoneq/freshdns/pull/6/commits/bdeff81bd4baff9463d46b90fb1889e7ac7ec4ed" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and zones with victim's privileges. This attack appear to be exploitable via Victim must open a website containing attacker's javascript. This vulnerability appears to have been fixed in 1.0.5 and later." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/funzoneq/freshdns/pull/6/commits/bdeff81bd4baff9463d46b90fb1889e7ac7ec4ed", + "refsource": "MISC", + "url": "https://github.com/funzoneq/freshdns/pull/6/commits/bdeff81bd4baff9463d46b90fb1889e7ac7ec4ed" + }, + { + "name": "https://github.com/funzoneq/freshdns/issues/7", + "refsource": "MISC", + "url": "https://github.com/funzoneq/freshdns/issues/7" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12041.json b/2018/12xxx/CVE-2018-12041.json index 44e09d34fd4..6f68998fd0a 100644 --- a/2018/12xxx/CVE-2018-12041.json +++ b/2018/12xxx/CVE-2018-12041.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiattack.net/IcECo1OR/fuzzdot.py", - "refsource" : "MISC", - "url" : "http://wiattack.net/IcECo1OR/fuzzdot.py" - }, - { - "name" : "http://wiattack.net/Testprocess.pdf", - "refsource" : "MISC", - "url" : "http://wiattack.net/Testprocess.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiattack.net/Testprocess.pdf", + "refsource": "MISC", + "url": "http://wiattack.net/Testprocess.pdf" + }, + { + "name": "http://wiattack.net/IcECo1OR/fuzzdot.py", + "refsource": "MISC", + "url": "http://wiattack.net/IcECo1OR/fuzzdot.py" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12050.json b/2018/12xxx/CVE-2018-12050.json index 87a9c8da169..97c09cee4a3 100644 --- a/2018/12xxx/CVE-2018-12050.json +++ b/2018/12xxx/CVE-2018-12050.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12050", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12050", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12140.json b/2018/12xxx/CVE-2018-12140.json index 8f3743e3dc4..09ed74094d9 100644 --- a/2018/12xxx/CVE-2018-12140.json +++ b/2018/12xxx/CVE-2018-12140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12366.json b/2018/12xxx/CVE-2018-12366.json index e2a503640e1..f30e55f5de5 100644 --- a/2018/12xxx/CVE-2018-12366.json +++ b/2018/12xxx/CVE-2018-12366.json @@ -1,188 +1,188 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12366", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.1" - }, - { - "version_affected" : "<", - "version_value" : "52.9" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "61" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Invalid data handling during QCMS transformations" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12366", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.1" + }, + { + "version_affected": "<", + "version_value": "52.9" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "61" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" - }, - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1464039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1464039" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/" - }, - { - "name" : "DSA-4235", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4235" - }, - { - "name" : "DSA-4244", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4244" - }, - { - "name" : "GLSA-201810-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-01" - }, - { - "name" : "GLSA-201811-13", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-13" - }, - { - "name" : "RHSA-2018:2112", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2112" - }, - { - "name" : "RHSA-2018:2113", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2113" - }, - { - "name" : "RHSA-2018:2251", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2251" - }, - { - "name" : "RHSA-2018:2252", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2252" - }, - { - "name" : "USN-3705-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3705-1/" - }, - { - "name" : "USN-3714-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3714-1/" - }, - { - "name" : "104560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104560" - }, - { - "name" : "1041193", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041193" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Invalid data handling during QCMS transformations" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201810-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-01" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/" + }, + { + "name": "RHSA-2018:2112", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2112" + }, + { + "name": "GLSA-201811-13", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-13" + }, + { + "name": "DSA-4235", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4235" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/" + }, + { + "name": "RHSA-2018:2113", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2113" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/" + }, + { + "name": "DSA-4244", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4244" + }, + { + "name": "104560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104560" + }, + { + "name": "1041193", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041193" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/" + }, + { + "name": "RHSA-2018:2252", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2252" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1464039", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1464039" + }, + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" + }, + { + "name": "RHSA-2018:2251", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2251" + }, + { + "name": "USN-3705-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3705-1/" + }, + { + "name": "USN-3714-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3714-1/" + }, + { + "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12795.json b/2018/12xxx/CVE-2018-12795.json index 2b27e490c14..4842666dcf7 100644 --- a/2018/12xxx/CVE-2018-12795.json +++ b/2018/12xxx/CVE-2018-12795.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104699" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "104699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104699" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14486.json b/2018/14xxx/CVE-2018-14486.json index b81570f904f..470abd9e8d9 100644 --- a/2018/14xxx/CVE-2018-14486.json +++ b/2018/14xxx/CVE-2018-14486.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14486", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151304/DNN-9.1-XML-Related-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151304/DNN-9.1-XML-Related-Cross-Site-Scripting.html" + }, + { + "url": "http://www.dnnsoftware.com/community/security/security-center", + "refsource": "MISC", + "name": "http://www.dnnsoftware.com/community/security/security-center" } ] } diff --git a/2018/16xxx/CVE-2018-16181.json b/2018/16xxx/CVE-2018-16181.json index 3066d1f1fcd..0246338fc69 100644 --- a/2018/16xxx/CVE-2018-16181.json +++ b/2018/16xxx/CVE-2018-16181.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "i-FILTER", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.9.50R05 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Digital Arts Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HTTP header injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "i-FILTER", + "version": { + "version_data": [ + { + "version_value": "Ver.9.50R05 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Digital Arts Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://download.daj.co.jp/user/ifilter/V9/", - "refsource" : "MISC", - "url" : "https://download.daj.co.jp/user/ifilter/V9/" - }, - { - "name" : "JVN#32155106", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN32155106/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP header injection vulnerability in i-FILTER Ver.9.50R05 and earlier may allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks that may result in an arbitrary script injection or setting an arbitrary cookie values via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP header injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#32155106", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN32155106/index.html" + }, + { + "name": "https://download.daj.co.jp/user/ifilter/V9/", + "refsource": "MISC", + "url": "https://download.daj.co.jp/user/ifilter/V9/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16776.json b/2018/16xxx/CVE-2018-16776.json index ee754e0ff42..c22bc57974e 100644 --- a/2018/16xxx/CVE-2018-16776.json +++ b/2018/16xxx/CVE-2018-16776.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wityCMS 0.6.2 has XSS via the \"Site Name\" field found in the \"Contact\" \"Configuration\" page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Creatiwity/wityCMS/issues/154", - "refsource" : "MISC", - "url" : "https://github.com/Creatiwity/wityCMS/issues/154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wityCMS 0.6.2 has XSS via the \"Site Name\" field found in the \"Contact\" \"Configuration\" page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Creatiwity/wityCMS/issues/154", + "refsource": "MISC", + "url": "https://github.com/Creatiwity/wityCMS/issues/154" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4140.json b/2018/4xxx/CVE-2018-4140.json index 67009f31906..34f4219a607 100644 --- a/2018/4xxx/CVE-2018-4140.json +++ b/2018/4xxx/CVE-2018-4140.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "103578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103578" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "103578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103578" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4586.json b/2018/4xxx/CVE-2018-4586.json index 161054a9fa0..7fd8ac2fe94 100644 --- a/2018/4xxx/CVE-2018-4586.json +++ b/2018/4xxx/CVE-2018-4586.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4586", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4586", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4596.json b/2018/4xxx/CVE-2018-4596.json index 8aa0306e909..5f8b58441b3 100644 --- a/2018/4xxx/CVE-2018-4596.json +++ b/2018/4xxx/CVE-2018-4596.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4596", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4596", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4903.json b/2018/4xxx/CVE-2018-4903.json index 04d1e6f8a14..71ca1d4953a 100644 --- a/2018/4xxx/CVE-2018-4903.json +++ b/2018/4xxx/CVE-2018-4903.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4903", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file