diff --git a/2003/1xxx/CVE-2003-1123.json b/2003/1xxx/CVE-2003-1123.json index 278757409a1..f67c4c139f1 100644 --- a/2003/1xxx/CVE-2003-1123.json +++ b/2003/1xxx/CVE-2003-1123.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "55100", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55100-1" - }, - { - "name" : "VU#393292", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/393292" - }, - { - "name" : "7824", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7824" - }, - { - "name" : "1006935", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1006935" - }, - { - "name" : "8958", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8958" - }, - { - "name" : "sun-applet-access-information(12189)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55100", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55100-1" + }, + { + "name": "VU#393292", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/393292" + }, + { + "name": "7824", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7824" + }, + { + "name": "sun-applet-access-information(12189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12189" + }, + { + "name": "8958", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8958" + }, + { + "name": "1006935", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1006935" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1199.json b/2003/1xxx/CVE-2003-1199.json index 440f2c216cd..6a5dd39b1b1 100644 --- a/2003/1xxx/CVE-2003-1199.json +++ b/2003/1xxx/CVE-2003-1199.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1199", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1199", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030311 XSS in MyProxy 20030629", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107902444305344&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt", - "refsource" : "CONFIRM", - "url" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt" - }, - { - "name" : "9846", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9846" - }, - { - "name" : "4202", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4202" - }, - { - "name" : "11090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11090" - }, - { - "name" : "myproxy-xss(15438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9846", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9846" + }, + { + "name": "11090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11090" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt", + "refsource": "CONFIRM", + "url": "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt" + }, + { + "name": "myproxy-xss(15438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15438" + }, + { + "name": "4202", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4202" + }, + { + "name": "20030311 XSS in MyProxy 20030629", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107902444305344&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1307.json b/2003/1xxx/CVE-2003-1307.json index 6e5d2b236df..8c588ed9535 100644 --- a/2003/1xxx/CVE-2003-1307.json +++ b/2003/1xxx/CVE-2003-1307.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031226 Hijacking Apache https by mod_php", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348368" - }, - { - "name" : "20061019 PHP \"exec\", \"system\", \"popen\" problem", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449234/100/0/threaded" - }, - { - "name" : "20061020 Re: PHP \"exec\", \"system\", \"popen\" (+small POC)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/449298/100/0/threaded" - }, - { - "name" : "http://bugs.php.net/38915", - "refsource" : "MISC", - "url" : "http://bugs.php.net/38915" - }, - { - "name" : "http://hackerdom.ru/~dimmo/phpexpl.c", - "refsource" : "MISC", - "url" : "http://hackerdom.ru/~dimmo/phpexpl.c" - }, - { - "name" : "9302", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9302" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20061019 PHP \"exec\", \"system\", \"popen\" problem", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449234/100/0/threaded" + }, + { + "name": "20061020 Re: PHP \"exec\", \"system\", \"popen\" (+small POC)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/449298/100/0/threaded" + }, + { + "name": "http://bugs.php.net/38915", + "refsource": "MISC", + "url": "http://bugs.php.net/38915" + }, + { + "name": "20031226 Hijacking Apache https by mod_php", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348368" + }, + { + "name": "http://hackerdom.ru/~dimmo/phpexpl.c", + "refsource": "MISC", + "url": "http://hackerdom.ru/~dimmo/phpexpl.c" + }, + { + "name": "9302", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9302" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0277.json b/2004/0xxx/CVE-2004-0277.json index b858486ef91..a80b3ebd366 100644 --- a/2004/0xxx/CVE-2004-0277.json +++ b/2004/0xxx/CVE-2004-0277.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040207 DreamFTP Server 1.02 Buffer Overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html" - }, - { - "name" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722", - "refsource" : "MISC", - "url" : "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722" - }, - { - "name" : "20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107656166402882&w=2" - }, - { - "name" : "dreamftp-username-format-string(15070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070" - }, - { - "name" : "9600", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9600", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9600" + }, + { + "name": "dreamftp-username-format-string(15070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15070" + }, + { + "name": "20040211 Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107656166402882&w=2" + }, + { + "name": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722", + "refsource": "MISC", + "url": "http://www.security-protocols.com/modules.php?name=News&file=article&sid=1722" + }, + { + "name": "20040207 DreamFTP Server 1.02 Buffer Overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016871.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0493.json b/2004/0xxx/CVE-2004-0493.json index 44944d76e3a..7fa9b42e493 100644 --- a/2004/0xxx/CVE-2004-0493.json +++ b/2004/0xxx/CVE-2004-0493.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html" - }, - { - "name" : "http://www.guninski.com/httpd1.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/httpd1.html" - }, - { - "name" : "http://www.apacheweek.com/features/security-20", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/features/security-20" - }, - { - "name" : "20040629 TSSA-2004-012 - apache", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108853066800184&w=2" - }, - { - "name" : "GLSA-200407-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200407-03.xml" - }, - { - "name" : "SSRT4777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109181600614477&w=2" - }, - { - "name" : "MDKSA-2004:064", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064" - }, - { - "name" : "RHSA-2004:342", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-342.html" - }, - { - "name" : "2004-0039", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0039/" - }, - { - "name" : "oval:org.mitre.oval:def:10605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10605" - }, - { - "name" : "apache-apgetmimeheaderscore-dos(16524)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524" - }, - { - "name" : "10619", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10619" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0039", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0039/" + }, + { + "name": "20040629 TSSA-2004-012 - apache", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108853066800184&w=2" + }, + { + "name": "10619", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10619" + }, + { + "name": "RHSA-2004:342", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-342.html" + }, + { + "name": "20040628 DoS in apache httpd 2.0.49, yet still apache much better than windows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html" + }, + { + "name": "oval:org.mitre.oval:def:10605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10605" + }, + { + "name": "apache-apgetmimeheaderscore-dos(16524)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16524" + }, + { + "name": "MDKSA-2004:064", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:064" + }, + { + "name": "SSRT4777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2" + }, + { + "name": "GLSA-200407-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200407-03.xml" + }, + { + "name": "http://www.guninski.com/httpd1.html", + "refsource": "MISC", + "url": "http://www.guninski.com/httpd1.html" + }, + { + "name": "http://www.apacheweek.com/features/security-20", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/features/security-20" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0586.json b/2004/0xxx/CVE-2004-0586.json index 6f38620bb18..0bdb6179ed4 100644 --- a/2004/0xxx/CVE-2004-0586.json +++ b/2004/0xxx/CVE-2004-0586.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040616 IBM acpRunner Activex Dangerous Methods Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108745652205176&w=2" - }, - { - "name" : "http://www-306.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54588", - "refsource" : "CONFIRM", - "url" : "http://www-306.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54588" - }, - { - "name" : "ibm-acprunner-execute-code(16429)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040616 IBM acpRunner Activex Dangerous Methods Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108745652205176&w=2" + }, + { + "name": "http://www-306.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54588", + "refsource": "CONFIRM", + "url": "http://www-306.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-54588" + }, + { + "name": "ibm-acprunner-execute-code(16429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16429" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0635.json b/2004/0xxx/CVE-2004-0635.json index 81aaf4688d9..545bc132dbf 100644 --- a/2004/0xxx/CVE-2004-0635.json +++ b/2004/0xxx/CVE-2004-0635.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00015.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00015.html" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381" - }, - { - "name" : "CLA-2005:916", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" - }, - { - "name" : "DSA-528", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-528" - }, - { - "name" : "FEDORA-2004-219", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html" - }, - { - "name" : "FEDORA-2004-220", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html" - }, - { - "name" : "GLSA-200407-08", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml" - }, - { - "name" : "MDKSA-2004:067", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067" - }, - { - "name" : "RHSA-2004:378", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-378.html" - }, - { - "name" : "VU#835846", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/835846" - }, - { - "name" : "oval:org.mitre.oval:def:9721", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721" - }, - { - "name" : "1010655", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010655" - }, - { - "name" : "12024", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12024" - }, - { - "name" : "ethereal-snmp-community-dos(16632)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16632" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010655", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010655" + }, + { + "name": "CLA-2005:916", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000916" + }, + { + "name": "MDKSA-2004:067", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:067" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00015.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00015.html" + }, + { + "name": "12024", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12024" + }, + { + "name": "oval:org.mitre.oval:def:9721", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9721" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127381" + }, + { + "name": "FEDORA-2004-219", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00013.html" + }, + { + "name": "ethereal-snmp-community-dos(16632)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16632" + }, + { + "name": "FEDORA-2004-220", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00014.html" + }, + { + "name": "DSA-528", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-528" + }, + { + "name": "VU#835846", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/835846" + }, + { + "name": "RHSA-2004:378", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-378.html" + }, + { + "name": "GLSA-200407-08", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-08.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0708.json b/2004/0xxx/CVE-2004-0708.json index 97213065df3..6cd8111396f 100644 --- a/2004/0xxx/CVE-2004-0708.json +++ b/2004/0xxx/CVE-2004-0708.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0708", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0708", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482" - }, - { - "name" : "GLSA-200407-09", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml" - }, - { - "name" : "10568", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10568" - }, - { - "name" : "6704", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6704" - }, - { - "name" : "11807", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11807" - }, - { - "name" : "moinmoin-gain-admin-access(16465)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200407-09", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-09.xml" + }, + { + "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482" + }, + { + "name": "moinmoin-gain-admin-access(16465)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16465" + }, + { + "name": "11807", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11807" + }, + { + "name": "10568", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10568" + }, + { + "name": "6704", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6704" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0940.json b/2004/0xxx/CVE-2004-0940.json index b1284397846..aa6c7515990 100644 --- a/2004/0xxx/CVE-2004-0940.json +++ b/2004/0xxx/CVE-2004-0940.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" - }, - { - "name" : "DSA-594", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-594" - }, - { - "name" : "MDKSA-2004:134", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:134" - }, - { - "name" : "RHSA-2004:600", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-600.html" - }, - { - "name" : "OpenPKG-SA-2004.047", - "refsource" : "OPENPKG", - "url" : "http://marc.info/?l=bugtraq&m=109906660225051&w=2" - }, - { - "name" : "http://www.apacheweek.com/features/security-13", - "refsource" : "CONFIRM", - "url" : "http://www.apacheweek.com/features/security-13" - }, - { - "name" : "RHSA-2005:816", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html" - }, - { - "name" : "102197", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1" - }, - { - "name" : "11471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11471" - }, - { - "name" : "ADV-2006-0789", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/0789" - }, - { - "name" : "1011783", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011783" - }, - { - "name" : "12898", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12898/" - }, - { - "name" : "19073", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19073" - }, - { - "name" : "apache-modinclude-bo(17785)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "OpenPKG-SA-2004.047", + "refsource": "OPENPKG", + "url": "http://marc.info/?l=bugtraq&m=109906660225051&w=2" + }, + { + "name": "http://www.apacheweek.com/features/security-13", + "refsource": "CONFIRM", + "url": "http://www.apacheweek.com/features/security-13" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" + }, + { + "name": "MDKSA-2004:134", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:134" + }, + { + "name": "apache-modinclude-bo(17785)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17785" + }, + { + "name": "11471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11471" + }, + { + "name": "RHSA-2005:816", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" + }, + { + "name": "12898", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12898/" + }, + { + "name": "DSA-594", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-594" + }, + { + "name": "19073", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19073" + }, + { + "name": "1011783", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011783" + }, + { + "name": "RHSA-2004:600", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-600.html" + }, + { + "name": "102197", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1" + }, + { + "name": "ADV-2006-0789", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/0789" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1043.json b/2004/1xxx/CVE-2004-1043.json index 752a1391f3c..8228197a886 100644 --- a/2004/1xxx/CVE-2004-1043.json +++ b/2004/1xxx/CVE-2004-1043.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the \"Related Topics\" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using \"writehta.txt\" and the ADODB recordset, which saves a .HTA file to the local system, aka the \"HTML Help ActiveX control Cross Domain Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html" - }, - { - "name" : "MS05-001", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001" - }, - { - "name" : "TA05-012B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA05-012B.html" - }, - { - "name" : "VU#972415", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/972415" - }, - { - "name" : "oval:org.mitre.oval:def:1349", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349" - }, - { - "name" : "oval:org.mitre.oval:def:1963", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1963" - }, - { - "name" : "oval:org.mitre.oval:def:2830", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2830" - }, - { - "name" : "oval:org.mitre.oval:def:3496", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3496" - }, - { - "name" : "ie-helpactivexcontrol-save-file(18311)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18311" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the \"Related Topics\" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using \"writehta.txt\" and the ADODB recordset, which saves a .HTA file to the local system, aka the \"HTML Help ActiveX control Cross Domain Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1349", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1349" + }, + { + "name": "oval:org.mitre.oval:def:1963", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1963" + }, + { + "name": "VU#972415", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/972415" + }, + { + "name": "ie-helpactivexcontrol-save-file(18311)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18311" + }, + { + "name": "20041225 Microsoft Internet Explorer SP2 Fully Automated Remote Compromise", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-12/0426.html" + }, + { + "name": "oval:org.mitre.oval:def:2830", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2830" + }, + { + "name": "MS05-001", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-001" + }, + { + "name": "TA05-012B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA05-012B.html" + }, + { + "name": "oval:org.mitre.oval:def:3496", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3496" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1252.json b/2004/1xxx/CVE-2004-1252.json index 29900c9ec75..1ce9b050dd7 100644 --- a/2004/1xxx/CVE-2004-1252.json +++ b/2004/1xxx/CVE-2004-1252.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1252", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1252", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1400.json b/2004/1xxx/CVE-2004-1400.json index fc68b2220bb..9cc41fe9730 100644 --- a/2004/1xxx/CVE-2004-1400.json +++ b/2004/1xxx/CVE-2004-1400.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041214 ASP Calendar Vulnerability ", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110304839629822&w=2" - }, - { - "name" : "11931", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11931" - }, - { - "name" : "asp-calendar-gain-access(18474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041214 ASP Calendar Vulnerability ", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110304839629822&w=2" + }, + { + "name": "asp-calendar-gain-access(18474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18474" + }, + { + "name": "11931", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11931" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1578.json b/2004/1xxx/CVE-2004-1578.json index 7cfedaafb27..ccfaba10af2 100644 --- a/2004/1xxx/CVE-2004-1578.json +++ b/2004/1xxx/CVE-2004-1578.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041005 [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109701091207517&w=2" - }, - { - "name" : "11332", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11332" - }, - { - "name" : "12740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12740" - }, - { - "name" : "invision-referer-header-xss(17604)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12740" + }, + { + "name": "invision-referer-header-xss(17604)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17604" + }, + { + "name": "11332", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11332" + }, + { + "name": "20041005 [MAXPATROL Security Advisories] Cross site scripting in Invision Power Board", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109701091207517&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2260.json b/2004/2xxx/CVE-2004-2260.json index 60657f21ca2..faa47a7b5c2 100644 --- a/2004/2xxx/CVE-2004-2260.json +++ b/2004/2xxx/CVE-2004-2260.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2260", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2260", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secunia.com/secunia_research/2004-2/advisory/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2004-2/advisory/" - }, - { - "name" : "10337", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10337" - }, - { - "name" : "6108", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6108" - }, - { - "name" : "11532", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11532" - }, - { - "name" : "opera-onunload-url-spoofing(16131)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-onunload-url-spoofing(16131)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16131" + }, + { + "name": "10337", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10337" + }, + { + "name": "6108", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6108" + }, + { + "name": "http://secunia.com/secunia_research/2004-2/advisory/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2004-2/advisory/" + }, + { + "name": "11532", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11532" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2277.json b/2004/2xxx/CVE-2004-2277.json index b4b550beb3e..bca0e98ac68 100644 --- a/2004/2xxx/CVE-2004-2277.json +++ b/2004/2xxx/CVE-2004-2277.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security.nnov.ru/docs6620.html", - "refsource" : "MISC", - "url" : "http://www.security.nnov.ru/docs6620.html" - }, - { - "name" : "10989", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10989" - }, - { - "name" : "9072", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9072" - }, - { - "name" : "1010989", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010989" - }, - { - "name" : "12334", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12334" - }, - { - "name" : "agsm-response-bo(17046)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12334", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12334" + }, + { + "name": "1010989", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010989" + }, + { + "name": "9072", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9072" + }, + { + "name": "10989", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10989" + }, + { + "name": "agsm-response-bo(17046)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17046" + }, + { + "name": "http://www.security.nnov.ru/docs6620.html", + "refsource": "MISC", + "url": "http://www.security.nnov.ru/docs6620.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2439.json b/2004/2xxx/CVE-2004-2439.json index a6d3c27580a..68c38a6a70e 100644 --- a/2004/2xxx/CVE-2004-2439.json +++ b/2004/2xxx/CVE-2004-2439.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT4840", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085" - }, - { - "name" : "11297", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11297" - }, - { - "name" : "1011671", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011671" - }, - { - "name" : "hp-laserjet-firmware-upgrade(17634)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-laserjet-firmware-upgrade(17634)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17634" + }, + { + "name": "1011671", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011671" + }, + { + "name": "SSRT4840", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=PSD_HPSBPI01085" + }, + { + "name": "11297", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11297" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2000.json b/2008/2xxx/CVE-2008-2000.json index d05c452824d..d48bd6e7917 100644 --- a/2008/2xxx/CVE-2008-2000.json +++ b/2008/2xxx/CVE-2008-2000.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080422 Safari 3.1.1 Multiple Vulnerabilities for windows", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491192/100/0/threaded" - }, - { - "name" : "http://es.geocities.com/jplopezy/pruebasafari3.html", - "refsource" : "MISC", - "url" : "http://es.geocities.com/jplopezy/pruebasafari3.html" - }, - { - "name" : "ADV-2008-1347", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1347" - }, - { - "name" : "3833", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3833" - }, - { - "name" : "apple-safari-documentwrite-dos(41985)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41985" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1347", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1347" + }, + { + "name": "http://es.geocities.com/jplopezy/pruebasafari3.html", + "refsource": "MISC", + "url": "http://es.geocities.com/jplopezy/pruebasafari3.html" + }, + { + "name": "20080422 Safari 3.1.1 Multiple Vulnerabilities for windows", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491192/100/0/threaded" + }, + { + "name": "3833", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3833" + }, + { + "name": "apple-safari-documentwrite-dos(41985)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41985" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2037.json b/2008/2xxx/CVE-2008-2037.json index 43da059768d..cbe52179a3d 100644 --- a/2008/2xxx/CVE-2008-2037.json +++ b/2008/2xxx/CVE-2008-2037.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.z0rlu.ownspace.org/index.php?/archives/50-EScontacts-XSS.html", - "refsource" : "MISC", - "url" : "http://www.z0rlu.ownspace.org/index.php?/archives/50-EScontacts-XSS.html" - }, - { - "name" : "28825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28825" - }, - { - "name" : "29877", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29877" - }, - { - "name" : "editeurscripts-login-xss(49237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49237" - }, - { - "name" : "escontacts-msg-xss(41879)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5) groupes.php, and (6) search.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "escontacts-msg-xss(41879)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41879" + }, + { + "name": "29877", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29877" + }, + { + "name": "28825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28825" + }, + { + "name": "http://www.z0rlu.ownspace.org/index.php?/archives/50-EScontacts-XSS.html", + "refsource": "MISC", + "url": "http://www.z0rlu.ownspace.org/index.php?/archives/50-EScontacts-XSS.html" + }, + { + "name": "editeurscripts-login-xss(49237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49237" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2326.json b/2008/2xxx/CVE-2008-2326.json index 7e1f62daf78..66232c63d9a 100644 --- a/2008/2xxx/CVE-2008-2326.json +++ b/2008/2xxx/CVE-2008-2326.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT2990", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2990" - }, - { - "name" : "APPLE-SA-2009-09-09", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html" - }, - { - "name" : "31091", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31091" - }, - { - "name" : "ADV-2008-2524", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2524" - }, - { - "name" : "1020845", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020845" - }, - { - "name" : "31822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31822" - }, - { - "name" : "apple-bonjour-mdnsresponder-dos(45005)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31822" + }, + { + "name": "1020845", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020845" + }, + { + "name": "http://support.apple.com/kb/HT2990", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2990" + }, + { + "name": "APPLE-SA-2009-09-09", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html" + }, + { + "name": "31091", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31091" + }, + { + "name": "ADV-2008-2524", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2524" + }, + { + "name": "apple-bonjour-mdnsresponder-dos(45005)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2620.json b/2008/2xxx/CVE-2008-2620.json index 2fc8fa4dec8..2304fd7a61e 100644 --- a/2008/2xxx/CVE-2008-2620.json +++ b/2008/2xxx/CVE-2008-2620.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2620", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2621, and CVE-2008-2622." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020497", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020497" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - }, - { - "name" : "oracle-peopsoft-peopletools-unspecified(43821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2621, and CVE-2008-2622." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "oracle-peopsoft-peopletools-unspecified(43821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43821" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "1020497", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020497" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2669.json b/2008/2xxx/CVE-2008-2669.json index 66437fb4488..f259f253cbb 100644 --- a/2008/2xxx/CVE-2008-2669.json +++ b/2008/2xxx/CVE-2008-2669.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080610 [web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493222/100/0/threaded" - }, - { - "name" : "5773", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5773" - }, - { - "name" : "http://chroot.org/exploits/chroot_uu_009", - "refsource" : "MISC", - "url" : "http://chroot.org/exploits/chroot_uu_009" - }, - { - "name" : "29629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29629" - }, - { - "name" : "30607", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30607" - }, - { - "name" : "3935", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3935" - }, - { - "name" : "yblog-searchuseruss-sql-injection(42959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3935", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3935" + }, + { + "name": "http://chroot.org/exploits/chroot_uu_009", + "refsource": "MISC", + "url": "http://chroot.org/exploits/chroot_uu_009" + }, + { + "name": "yblog-searchuseruss-sql-injection(42959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42959" + }, + { + "name": "20080610 [web-app] yBlog 0.2.2.2 Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493222/100/0/threaded" + }, + { + "name": "30607", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30607" + }, + { + "name": "5773", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5773" + }, + { + "name": "29629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29629" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6005.json b/2008/6xxx/CVE-2008-6005.json index 3d969816a3c..2a291d491ad 100644 --- a/2008/6xxx/CVE-2008-6005.json +++ b/2008/6xxx/CVE-2008-6005.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15", - "refsource" : "CONFIRM", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15" - }, - { - "name" : "33736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via \"duplicated\" attribute value inputs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507587#15" + }, + { + "name": "33736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33736" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6371.json b/2008/6xxx/CVE-2008-6371.json index a0fe9f37e3d..3c69005442f 100644 --- a/2008/6xxx/CVE-2008-6371.json +++ b/2008/6xxx/CVE-2008-6371.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7254", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7254" - }, - { - "name" : "32508", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32508" - }, - { - "name" : "50318", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/50318" - }, - { - "name" : "32893", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32893" - }, - { - "name" : "membershipmanager-login-sql-injection(46959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50318", + "refsource": "OSVDB", + "url": "http://osvdb.org/50318" + }, + { + "name": "32508", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32508" + }, + { + "name": "32893", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32893" + }, + { + "name": "7254", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7254" + }, + { + "name": "membershipmanager-login-sql-injection(46959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46959" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6637.json b/2008/6xxx/CVE-2008-6637.json index c5d643228f5..75ef6b87fb8 100644 --- a/2008/6xxx/CVE-2008-6637.json +++ b/2008/6xxx/CVE-2008-6637.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6637", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.digitrustgroup.com/advisories/web-application-security-safari-montage.html", - "refsource" : "MISC", - "url" : "http://www.digitrustgroup.com/advisories/web-application-security-safari-montage.html" - }, - { - "name" : "29343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29343" - }, - { - "name" : "45646", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/45646" - }, - { - "name" : "30363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30363" - }, - { - "name" : "ADV-2008-1652", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1652" - }, - { - "name" : "safarimontage-forgotpw-xss(42598)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42598" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29343" + }, + { + "name": "safarimontage-forgotpw-xss(42598)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42598" + }, + { + "name": "http://www.digitrustgroup.com/advisories/web-application-security-safari-montage.html", + "refsource": "MISC", + "url": "http://www.digitrustgroup.com/advisories/web-application-security-safari-montage.html" + }, + { + "name": "45646", + "refsource": "OSVDB", + "url": "http://osvdb.org/45646" + }, + { + "name": "ADV-2008-1652", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1652" + }, + { + "name": "30363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30363" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6889.json b/2008/6xxx/CVE-2008-6889.json index 7bbc773da1d..f13ad65639d 100644 --- a/2008/6xxx/CVE-2008-6889.json +++ b/2008/6xxx/CVE-2008-6889.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7274", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7274" - }, - { - "name" : "32534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32534" - }, - { - "name" : "50379", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50379" - }, - { - "name" : "32928", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32928" - }, - { - "name" : "aspreferral-merchantsadd-sql-injection(46957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7274", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7274" + }, + { + "name": "32534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32534" + }, + { + "name": "32928", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32928" + }, + { + "name": "aspreferral-merchantsadd-sql-injection(46957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46957" + }, + { + "name": "50379", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50379" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7047.json b/2008/7xxx/CVE-2008-7047.json index fd52d96200d..4d1795f8e2a 100644 --- a/2008/7xxx/CVE-2008-7047.json +++ b/2008/7xxx/CVE-2008-7047.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7047", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7179", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7179" - }, - { - "name" : "32395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32395" - }, - { - "name" : "natterchat-home-sql-injection(46764)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46764" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7179", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7179" + }, + { + "name": "natterchat-home-sql-injection(46764)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46764" + }, + { + "name": "32395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32395" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7136.json b/2008/7xxx/CVE-2008-7136.json index 225ab6654db..5020c7d70de 100644 --- a/2008/7xxx/CVE-2008-7136.json +++ b/2008/7xxx/CVE-2008-7136.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7136", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7136", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5217", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5217" - }, - { - "name" : "http://www.securiteam.com/exploits/5WP0115NPU.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/5WP0115NPU.html" - }, - { - "name" : "28118", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28118", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28118" + }, + { + "name": "http://www.securiteam.com/exploits/5WP0115NPU.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/5WP0115NPU.html" + }, + { + "name": "5217", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5217" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7185.json b/2008/7xxx/CVE-2008-7185.json index 857f995ea7b..e0a5a187246 100644 --- a/2008/7xxx/CVE-2008-7185.json +++ b/2008/7xxx/CVE-2008-7185.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080626 Rhythmbox Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493683/100/0/threaded" - }, - { - "name" : "20080630 Re: Rhythmbox Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493809/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt" - }, - { - "name" : "29958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29958" - }, - { - "name" : "rhythmbox-playlist-dos(43436)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43436" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29958" + }, + { + "name": "20080626 Rhythmbox Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493683/100/0/threaded" + }, + { + "name": "20080630 Re: Rhythmbox Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493809/100/0/threaded" + }, + { + "name": "rhythmbox-playlist-dos(43436)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43436" + }, + { + "name": "http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5152.json b/2012/5xxx/CVE-2012-5152.json index b476f6c9d6b..7bf592658d4 100644 --- a/2012/5xxx/CVE-2012-5152.json +++ b/2012/5xxx/CVE-2012-5152.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=165430", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=165430" - }, - { - "name" : "openSUSE-SU-2013:0236", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:16206", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16206", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16206" + }, + { + "name": "openSUSE-SU-2013:0236", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=165430", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=165430" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5356.json b/2012/5xxx/CVE-2012-5356.json index 432b0ae551b..e609a82970f 100644 --- a/2012/5xxx/CVE-2012-5356.json +++ b/2012/5xxx/CVE-2012-5356.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643" - }, - { - "name" : "USN-1588-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1588-1" - }, - { - "name" : "55736", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55736" - }, - { - "name" : "ubuntu-gpg-sec-bypass(78990)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1588-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1588-1" + }, + { + "name": "55736", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55736" + }, + { + "name": "ubuntu-gpg-sec-bypass(78990)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5450.json b/2012/5xxx/CVE-2012-5450.json index 10c3dd60eb3..9832b004561 100644 --- a/2012/5xxx/CVE-2012-5450.json +++ b/2012/5xxx/CVE-2012-5450.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121107 Cross-Site Request Forgery (CSRF) in CMS Made Simple", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html" - }, - { - "name" : "http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html" - }, - { - "name" : "https://www.htbridge.com/advisory/HTB23121", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23121" - }, - { - "name" : "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545", - "refsource" : "CONFIRM", - "url" : "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545" - }, - { - "name" : "http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498", - "refsource" : "CONFIRM", - "url" : "http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498" - }, - { - "name" : "51185", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51185" - }, - { - "name" : "cmsmadesimple-images-csrf(79881)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79881" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/117951/CMS-Made-Simple-1.11.2-Cross-Site-Request-Forgery.html" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23121", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23121" + }, + { + "name": "51185", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51185" + }, + { + "name": "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545", + "refsource": "CONFIRM", + "url": "http://forum.cmsmadesimple.org/viewtopic.php?f=1&t=63545" + }, + { + "name": "cmsmadesimple-images-csrf(79881)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79881" + }, + { + "name": "http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498", + "refsource": "CONFIRM", + "url": "http://viewsvn.cmsmadesimple.org/diff.php?repname=cmsmadesimple&path=%2Ftrunk%2Flib%2Ffilemanager%2FImageManager%2FClasses%2FImageManager.php&rev=8400&peg=8498" + }, + { + "name": "20121107 Cross-Site Request Forgery (CSRF) in CMS Made Simple", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0035.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5656.json b/2012/5xxx/CVE-2012-5656.json index f6f5fbfc070..0d286386b6b 100644 --- a/2012/5xxx/CVE-2012-5656.json +++ b/2012/5xxx/CVE-2012-5656.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/12/20/3" - }, - { - "name" : "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931", - "refsource" : "CONFIRM", - "url" : "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931" - }, - { - "name" : "https://bugs.launchpad.net/inkscape/+bug/1025185", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/inkscape/+bug/1025185" - }, - { - "name" : "https://launchpad.net/inkscape/+milestone/0.48.4", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/inkscape/+milestone/0.48.4" - }, - { - "name" : "FEDORA-2012-20620", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html" - }, - { - "name" : "FEDORA-2012-20621", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html" - }, - { - "name" : "FEDORA-2012-20643", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html" - }, - { - "name" : "openSUSE-SU-2013:0294", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" - }, - { - "name" : "openSUSE-SU-2013:0297", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html" - }, - { - "name" : "USN-1712-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1712-1" - }, - { - "name" : "56965", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56965" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121219 Re: CVE request: Inkscape fixes a XXE vulnerability during rasterization of SVG images", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/12/20/3" + }, + { + "name": "FEDORA-2012-20620", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095380.html" + }, + { + "name": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931", + "refsource": "CONFIRM", + "url": "http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931" + }, + { + "name": "USN-1712-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1712-1" + }, + { + "name": "https://launchpad.net/inkscape/+milestone/0.48.4", + "refsource": "CONFIRM", + "url": "https://launchpad.net/inkscape/+milestone/0.48.4" + }, + { + "name": "56965", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56965" + }, + { + "name": "https://bugs.launchpad.net/inkscape/+bug/1025185", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/inkscape/+bug/1025185" + }, + { + "name": "FEDORA-2012-20621", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095398.html" + }, + { + "name": "openSUSE-SU-2013:0294", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" + }, + { + "name": "openSUSE-SU-2013:0297", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html" + }, + { + "name": "FEDORA-2012-20643", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/095024.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11299.json b/2017/11xxx/CVE-2017-11299.json index e445ec2f540..c424529af6a 100644 --- a/2017/11xxx/CVE-2017-11299.json +++ b/2017/11xxx/CVE-2017-11299.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.6 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.6 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.6 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.6 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" - }, - { - "name" : "101839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101839" - }, - { - "name" : "1039798", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039798" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101839" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" + }, + { + "name": "1039798", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039798" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11359.json b/2017/11xxx/CVE-2017-11359.json index 4bb9b971d91..381ac5bc81c 100644 --- a/2017/11xxx/CVE-2017-11359.json +++ b/2017/11xxx/CVE-2017-11359.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42398", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42398/" - }, - { - "name" : "[debian-lts-announce] 20171130 [SECURITY] [DLA 1197-1] sox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html" - }, - { - "name" : "[debian-lts-announce] 20190305 [SECURITY] [DLA 1705-1] sox security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/81", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/81" - }, - { - "name" : "GLSA-201810-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42398", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42398/" + }, + { + "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1197-1] sox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00043.html" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/81", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/81" + }, + { + "name": "GLSA-201810-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-02" + }, + { + "name": "[debian-lts-announce] 20190305 [SECURITY] [DLA 1705-1] sox security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11449.json b/2017/11xxx/CVE-2017-11449.json index ccac60236da..2c8c001de37 100644 --- a/2017/11xxx/CVE-2017-11449.json +++ b/2017/11xxx/CVE-2017-11449.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/556", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/556" - }, - { - "name" : "99958", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/556", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/556" + }, + { + "name": "99958", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99958" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867896" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11858.json b/2017/11xxx/CVE-2017-11858.json index ef80f12357c..f3cd2d2a3bf 100644 --- a/2017/11xxx/CVE-2017-11858.json +++ b/2017/11xxx/CVE-2017-11858.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-11858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-11858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge, Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858" - }, - { - "name" : "101716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101716" - }, - { - "name" : "1039780", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039780" - }, - { - "name" : "1039781", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039781" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039781", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039781" + }, + { + "name": "101716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101716" + }, + { + "name": "1039780", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039780" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11858" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15467.json b/2017/15xxx/CVE-2017-15467.json index 4cd3d97bb3d..7f34364327d 100644 --- a/2017/15xxx/CVE-2017-15467.json +++ b/2017/15xxx/CVE-2017-15467.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15467", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15467", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15619.json b/2017/15xxx/CVE-2017-15619.json index 4a93b85df58..5f70900a4de 100644 --- a/2017/15xxx/CVE-2017-15619.json +++ b/2017/15xxx/CVE-2017-15619.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_client.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15684.json b/2017/15xxx/CVE-2017-15684.json index 55a36cf3479..cf7bd6593bc 100644 --- a/2017/15xxx/CVE-2017-15684.json +++ b/2017/15xxx/CVE-2017-15684.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15684", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15684", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15924.json b/2017/15xxx/CVE-2017-15924.json index a7f547819be..b1bfe0d2a86 100644 --- a/2017/15xxx/CVE-2017-15924.json +++ b/2017/15xxx/CVE-2017-15924.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/13/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/13/2" - }, - { - "name" : "https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3", - "refsource" : "MISC", - "url" : "https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3" - }, - { - "name" : "https://github.com/shadowsocks/shadowsocks-libev/issues/1734", - "refsource" : "MISC", - "url" : "https://github.com/shadowsocks/shadowsocks-libev/issues/1734" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/" - }, - { - "name" : "DSA-4009", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-4009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related to the add_server, build_config, and construct_command_line functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3", + "refsource": "MISC", + "url": "https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275803dc6ea22c558d06b1f7ba9f94cd8de3" + }, + { + "name": "https://github.com/shadowsocks/shadowsocks-libev/issues/1734", + "refsource": "MISC", + "url": "https://github.com/shadowsocks/shadowsocks-libev/issues/1734" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/" + }, + { + "name": "DSA-4009", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-4009" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/13/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/13/2" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3166.json b/2017/3xxx/CVE-2017-3166.json index 1bec20ac155..d2684285522 100644 --- a/2017/3xxx/CVE-2017-3166.json +++ b/2017/3xxx/CVE-2017-3166.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-11-08T00:00:00", - "ID" : "CVE-2017-3166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Hadoop", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.1 to 2.6.5" - }, - { - "version_value" : "2.7.0 to 2.7.3" - }, - { - "version_value" : "3.0.0-alpha1 to 3.0.0-alpha3" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-11-08T00:00:00", + "ID": "CVE-2017-3166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "2.6.1 to 2.6.5" + }, + { + "version_value": "2.7.0 to 2.7.3" + }, + { + "version_value": "3.0.0-alpha1 to 3.0.0-alpha3" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any application that requests to localize that file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[general] 20171108 [SECURITY] CVE-2017-3166: Apache Hadoop Privilege escalation vulnerability", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/2e16689b44bdd1976b6368c143a4017fc7159d1f2d02a5d54fe9310f@%3Cgeneral.hadoop.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3313.json b/2017/3xxx/CVE-2017-3313.json index 5c03d8f2123..5c570410512 100644 --- a/2017/3xxx/CVE-2017-3313.json +++ b/2017/3xxx/CVE-2017-3313.json @@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.53 and earlier" - }, - { - "version_value" : "5.6.34 and earlier" - }, - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.5.53 and earlier" + }, + { + "version_value": "5.6.34 and earlier" + }, + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "DSA-3767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3767" - }, - { - "name" : "DSA-3809", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3809" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - "name" : "95527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95527" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "95527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95527" + }, + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3767" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "DSA-3809", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3809" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3868.json b/2017/3xxx/CVE-2017-3868.json index d3af8f07833..c50206bd8a8 100644 --- a/2017/3xxx/CVE-2017-3868.json +++ b/2017/3xxx/CVE-2017-3868.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco UCS Director", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco UCS Director" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Director", + "version": { + "version_data": [ + { + "version_value": "Cisco UCS Director" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs" - }, - { - "name" : "96921", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96921" - }, - { - "name" : "1038039", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc44344. Known Affected Releases: 6.0(0.0)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96921", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96921" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucs" + }, + { + "name": "1038039", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038039" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8148.json b/2017/8xxx/CVE-2017-8148.json index 883574187db..b0b33cc5599 100644 --- a/2017/8xxx/CVE-2017-8148.json +++ b/2017/8xxx/CVE-2017-8148.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "P9", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before EVA-AL10C00B389" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "P9", + "version": { + "version_data": [ + { + "version_value": "The versions before EVA-AL10C00B389" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Audio driver in P9 smartphones with software The versions before EVA-AL10C00B389 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the race condition cause null pointer accessing during the application access shared resource, which make the system reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8256.json b/2017/8xxx/CVE-2017-8256.json index e63e8b4d942..57110128a01 100644 --- a/2017/8xxx/CVE-2017-8256.json +++ b/2017/8xxx/CVE-2017-8256.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-07-01T00:00:00", - "ID" : "CVE-2017-8256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Input Validation in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-07-01T00:00:00", + "ID": "CVE-2017-8256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-07-01" - }, - { - "name" : "99465", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-07-01" + }, + { + "name": "99465", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99465" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8404.json b/2017/8xxx/CVE-2017-8404.json index 5cfb5ffb866..8028df684f3 100644 --- a/2017/8xxx/CVE-2017-8404.json +++ b/2017/8xxx/CVE-2017-8404.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8404", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8404", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8848.json b/2017/8xxx/CVE-2017-8848.json index 96db301f64c..51aec425b5e 100644 --- a/2017/8xxx/CVE-2017-8848.json +++ b/2017/8xxx/CVE-2017-8848.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/s3131212/allendisk/issues/16", - "refsource" : "MISC", - "url" : "https://github.com/s3131212/allendisk/issues/16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/s3131212/allendisk/issues/16", + "refsource": "MISC", + "url": "https://github.com/s3131212/allendisk/issues/16" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12196.json b/2018/12xxx/CVE-2018-12196.json index 312c6706c43..0ae2334d1cd 100644 --- a/2018/12xxx/CVE-2018-12196.json +++ b/2018/12xxx/CVE-2018-12196.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12256.json b/2018/12xxx/CVE-2018-12256.json index 699e932a11f..28063bb0a1d 100644 --- a/2018/12xxx/CVE-2018-12256.json +++ b/2018/12xxx/CVE-2018-12256.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12256", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12256", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669", - "refsource" : "CONFIRM", - "url" : "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669" - }, - { - "name" : "https://www.litecart.net/download", - "refsource" : "CONFIRM", - "url" : "https://www.litecart.net/download" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669", + "refsource": "CONFIRM", + "url": "https://github.com/litecart/litecart/commit/2305368eb70a26cab34c772c9ae88787f4c3e669" + }, + { + "name": "https://www.litecart.net/download", + "refsource": "CONFIRM", + "url": "https://www.litecart.net/download" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12418.json b/2018/12xxx/CVE-2018-12418.json index 1f871f7993b..68fc601bac3 100644 --- a/2018/12xxx/CVE-2018-12418.json +++ b/2018/12xxx/CVE-2018-12418.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12418", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12418", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817", - "refsource" : "MISC", - "url" : "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817" - }, - { - "name" : "https://github.com/junrar/junrar/pull/8", - "refsource" : "MISC", - "url" : "https://github.com/junrar/junrar/pull/8" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/junrar/junrar/pull/8", + "refsource": "MISC", + "url": "https://github.com/junrar/junrar/pull/8" + }, + { + "name": "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817", + "refsource": "MISC", + "url": "https://github.com/junrar/junrar/commit/ad8d0ba8e155630da8a1215cee3f253e0af45817" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12631.json b/2018/12xxx/CVE-2018-12631.json index 04783cb3fe1..3f9bb7bb4c6 100644 --- a/2018/12xxx/CVE-2018-12631.json +++ b/2018/12xxx/CVE-2018-12631.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44905", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44905/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44905", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44905/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12653.json b/2018/12xxx/CVE-2018-12653.json index deb3067be27..ee4ad9f91de 100644 --- a/2018/12xxx/CVE-2018-12653.json +++ b/2018/12xxx/CVE-2018-12653.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12653", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12653", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12950.json b/2018/12xxx/CVE-2018-12950.json index 34e2e64f82c..87024887bae 100644 --- a/2018/12xxx/CVE-2018-12950.json +++ b/2018/12xxx/CVE-2018-12950.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12950", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12950", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13407.json b/2018/13xxx/CVE-2018-13407.json index 868b05c2924..c9135795a21 100644 --- a/2018/13xxx/CVE-2018-13407.json +++ b/2018/13xxx/CVE-2018-13407.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13407", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A CSRF issue was discovered in Jirafeau before 3.4.1. The \"delete file\" feature on the admin panel is not protected against automated requests and could be abused." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13407", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A CSRF issue was discovered in Jirafeau before 3.4.1. The \"delete file\" feature on the admin panel is not protected against automated requests and could be abused." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/06/jirafeau-version-3-3-0-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13740.json b/2018/13xxx/CVE-2018-13740.json index 2b56e5e9403..638c3b7c2ba 100644 --- a/2018/13xxx/CVE-2018-13740.json +++ b/2018/13xxx/CVE-2018-13740.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OneChain", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OneChain" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for OneChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OneChain", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/OneChain" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13798.json b/2018/13xxx/CVE-2018-13798.json index 32d437a34b9..6b34a83a98f 100644 --- a/2018/13xxx/CVE-2018-13798.json +++ b/2018/13xxx/CVE-2018-13798.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13798", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13798", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16022.json b/2018/16xxx/CVE-2018-16022.json index d5ae0037bc2..1b3743cce83 100644 --- a/2018/16xxx/CVE-2018-16022.json +++ b/2018/16xxx/CVE-2018-16022.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106162", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106162" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106162", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106162" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16037.json b/2018/16xxx/CVE-2018-16037.json index e9a99e19b34..7c00909cc6f 100644 --- a/2018/16xxx/CVE-2018-16037.json +++ b/2018/16xxx/CVE-2018-16037.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16065.json b/2018/16xxx/CVE-2018-16065.json index ac20624d2a9..9da7f9edf29 100644 --- a/2018/16xxx/CVE-2018-16065.json +++ b/2018/16xxx/CVE-2018-16065.json @@ -1,88 +1,88 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-16065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "69.0.3497.81" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use after free" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-16065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "69.0.3497.81" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/867776", - "refsource" : "MISC", - "url" : "https://crbug.com/867776" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" - }, - { - "name" : "DSA-4289", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4289" - }, - { - "name" : "GLSA-201811-10", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-10" - }, - { - "name" : "RHSA-2018:2666", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2666" - }, - { - "name" : "105215", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105215" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Javascript reentrancy issues that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105215", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105215" + }, + { + "name": "DSA-4289", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4289" + }, + { + "name": "RHSA-2018:2666", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2666" + }, + { + "name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html" + }, + { + "name": "GLSA-201811-10", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-10" + }, + { + "name": "https://crbug.com/867776", + "refsource": "MISC", + "url": "https://crbug.com/867776" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16557.json b/2018/16xxx/CVE-2018-16557.json index b613c4eb5c3..7a3afba5d8d 100644 --- a/2018/16xxx/CVE-2018-16557.json +++ b/2018/16xxx/CVE-2018-16557.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-16557", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SIMATIC S7-400 (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-400H V4.5 and below, SIMATIC S7-400H V6, SIMATIC S7-410", - "version" : { - "version_data" : [ - { - "version_value" : "SIMATIC S7-400 (incl. F) V6 and below : All versions" - }, - { - "version_value" : "SIMATIC S7-400 PN/DP V7 (incl. F) : All versions" - }, - { - "version_value" : "SIMATIC S7-400H V4.5 and below : All versions" - }, - { - "version_value" : "SIMATIC S7-400H V6 : All versions" - }, - { - "version_value" : "SIMATIC S7-410 : All versions < V8.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-347: Improper Verification of Cryptographic Signature" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-16557", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SIMATIC S7-400 (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-400H V4.5 and below, SIMATIC S7-400H V6, SIMATIC S7-410", + "version": { + "version_data": [ + { + "version_value": "SIMATIC S7-400 (incl. F) V6 and below : All versions" + }, + { + "version_value": "SIMATIC S7-400 PN/DP V7 (incl. F) : All versions" + }, + { + "version_value": "SIMATIC S7-400H V4.5 and below : All versions" + }, + { + "version_value": "SIMATIC S7-400H V6 : All versions" + }, + { + "version_value": "SIMATIC S7-410 : All versions < V8.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02" - }, - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400H V4.5 and below (All versions), SIMATIC S7-400H V6 (All versions), SIMATIC S7-410 (All versions < V8.2.1). Sending of specially crafted packets to port 102/tcp via Ethernet interface via PROFIBUS or Multi Point Interfaces (MPI) could cause a Denial-of-Service condition on affected devices. Flashing with a firmware image may be required to recover the CPU. Successful exploitation requires an attacker to have network access to port 102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or Multi Point Interfaces (MPI) to the device. No user interaction is required. If no access protection is configured, no privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-113131.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-317-02" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16565.json b/2018/16xxx/CVE-2018-16565.json index 2af02e59182..fcc5206cac0 100644 --- a/2018/16xxx/CVE-2018-16565.json +++ b/2018/16xxx/CVE-2018-16565.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16565", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16565", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17258.json b/2018/17xxx/CVE-2018-17258.json index eb0a03716d0..bd5e5407fa3 100644 --- a/2018/17xxx/CVE-2018-17258.json +++ b/2018/17xxx/CVE-2018-17258.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17258", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17258", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17292.json b/2018/17xxx/CVE-2018-17292.json index a057a421c92..bb8e64b5a3d 100644 --- a/2018/17xxx/CVE-2018-17292.json +++ b/2018/17xxx/CVE-2018-17292.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WAVM/WAVM/commit/2de6cf70c5ef31e22ed119a25ac2daeefd3d18a1", - "refsource" : "MISC", - "url" : "https://github.com/WAVM/WAVM/commit/2de6cf70c5ef31e22ed119a25ac2daeefd3d18a1" - }, - { - "name" : "https://github.com/WAVM/WAVM/issues/109", - "refsource" : "MISC", - "url" : "https://github.com/WAVM/WAVM/issues/109" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer than 4 bytes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WAVM/WAVM/commit/2de6cf70c5ef31e22ed119a25ac2daeefd3d18a1", + "refsource": "MISC", + "url": "https://github.com/WAVM/WAVM/commit/2de6cf70c5ef31e22ed119a25ac2daeefd3d18a1" + }, + { + "name": "https://github.com/WAVM/WAVM/issues/109", + "refsource": "MISC", + "url": "https://github.com/WAVM/WAVM/issues/109" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17769.json b/2018/17xxx/CVE-2018-17769.json index c06a1b9083a..72261c3db0d 100644 --- a/2018/17xxx/CVE-2018-17769.json +++ b/2018/17xxx/CVE-2018-17769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17769", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17769", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6690.json b/2019/6xxx/CVE-2019-6690.json index e1d93266482..55be6a781ac 100644 --- a/2019/6xxx/CVE-2019-6690.json +++ b/2019/6xxx/CVE-2019-6690.json @@ -1,18 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2019-6690", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-6690", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a \"CWE-20: Improper Input Validation\" issue affecting the affect functionality component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "106756", + "url": "http://www.securityfocus.com/bid/106756" + }, + { + "url": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html" + }, + { + "url": "https://pypi.org/project/python-gnupg/#history", + "refsource": "MISC", + "name": "https://pypi.org/project/python-gnupg/#history" + }, + { + "refsource": "SUSE", + "name": "SU-2019:0143-1", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html" + }, + { + "refsource": "SUSE", + "name": "SUSE-SU-2019:0239-1", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html" + }, + { + "refsource": "MLIST", + "name": "[SECURITY] [DLA 1675-1] 20190214 python-gnupg security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20190125 CVE-2019-6690: Improper Input Validation in python-gnupg", + "url": "https://seclists.org/bugtraq/2019/Jan/41" + } + ] + } +} \ No newline at end of file