diff --git a/2004/0xxx/CVE-2004-0106.json b/2004/0xxx/CVE-2004-0106.json index 40b47a54987..b34fb771866 100644 --- a/2004/0xxx/CVE-2004-0106.json +++ b/2004/0xxx/CVE-2004-0106.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0106", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CLA-2004:821", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821" - }, - { - "name" : "DSA-443", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-443" - }, - { - "name" : "FLSA:2314", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=110979666528890&w=2" - }, - { - "name" : "RHSA-2004:059", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-059.html" - }, - { - "name" : "RHSA-2004:060", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-060.html" - }, - { - "name" : "RHSA-2004:061", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-061.html" - }, - { - "name" : "SSA:2004-043", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053" - }, - { - "name" : "SuSE-SA:2004:006", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" - }, - { - "name" : "MDKSA-2004:012", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" - }, - { - "name" : "oval:org.mitre.oval:def:11111", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" - }, - { - "name" : "xfree86-multiple-font-improper-handling(15206)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" - }, - { - "name" : "oval:org.mitre.oval:def:809", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" - }, - { - "name" : "oval:org.mitre.oval:def:832", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SuSE-SA:2004:006", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html" + }, + { + "name": "oval:org.mitre.oval:def:11111", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11111" + }, + { + "name": "RHSA-2004:060", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-060.html" + }, + { + "name": "CLA-2004:821", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821" + }, + { + "name": "oval:org.mitre.oval:def:809", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A809" + }, + { + "name": "xfree86-multiple-font-improper-handling(15206)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15206" + }, + { + "name": "FLSA:2314", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=110979666528890&w=2" + }, + { + "name": "DSA-443", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-443" + }, + { + "name": "MDKSA-2004:012", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012" + }, + { + "name": "oval:org.mitre.oval:def:832", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A832" + }, + { + "name": "RHSA-2004:059", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-059.html" + }, + { + "name": "RHSA-2004:061", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-061.html" + }, + { + "name": "SSA:2004-043", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0289.json b/2004/0xxx/CVE-2004-0289.json index f0693b3776c..8f9488ae44e 100644 --- a/2004/0xxx/CVE-2004-0289.json +++ b/2004/0xxx/CVE-2004-0289.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0289", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0289", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040215 problems with database files in 'SignatureDB'", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107695113832648&w=2" - }, - { - "name" : "9661", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9661" - }, - { - "name" : "signaturedb-sdbscan-bo(15217)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15217" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9661", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9661" + }, + { + "name": "signaturedb-sdbscan-bo(15217)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15217" + }, + { + "name": "20040215 problems with database files in 'SignatureDB'", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107695113832648&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0751.json b/2004/0xxx/CVE-2004-0751.json index 066c8863218..4ef3b6fd882 100644 --- a/2004/0xxx/CVE-2004-0751.json +++ b/2004/0xxx/CVE-2004-0751.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0751", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=30134", - "refsource" : "CONFIRM", - "url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=30134" - }, - { - "name" : "20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html" - }, - { - "name" : "GLSA-200409-21", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml" - }, - { - "name" : "MDKSA-2004:096", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096" - }, - { - "name" : "RHSA-2004:463", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-463.html" - }, - { - "name" : "SUSE-SA:2004:030", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_30_apache2.html" - }, - { - "name" : "2004-0047", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0047/" - }, - { - "name" : "oval:org.mitre.oval:def:11864", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11864" - }, - { - "name" : "apache-modssl-speculative-dos(17273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:463", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-463.html" + }, + { + "name": "SUSE-SA:2004:030", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_30_apache2.html" + }, + { + "name": "apache-modssl-speculative-dos(17273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17273" + }, + { + "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=30134", + "refsource": "CONFIRM", + "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=30134" + }, + { + "name": "2004-0047", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0047/" + }, + { + "name": "MDKSA-2004:096", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096" + }, + { + "name": "GLSA-200409-21", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml" + }, + { + "name": "oval:org.mitre.oval:def:11864", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11864" + }, + { + "name": "20040911 Remote buffer overflow in Apache mod_ssl when reverse proxying SSL", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0096.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0804.json b/2004/0xxx/CVE-2004-0804.json index a526f2a8a01..6c28d603e09 100644 --- a/2004/0xxx/CVE-2004-0804.json +++ b/2004/0xxx/CVE-2004-0804.json @@ -1,137 +1,137 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0804", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0804", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://bugzilla.remotesensing.org/show_bug.cgi?id=111", - "refsource" : "MISC", - "url" : "http://bugzilla.remotesensing.org/show_bug.cgi?id=111" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20041209-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20041209-2.txt" - }, - { - "name" : "CLA-2004:888", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" - }, - { - "name" : "DSA-567", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-567" - }, - { - "name" : "MDKSA-2004:109", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" - }, - { - "name" : "MDKSA-2005:052", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" - }, - { - "name" : "RHSA-2004:577", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-577.html" - }, - { - "name" : "RHSA-2005:354", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-354.html" - }, - { - "name" : "RHSA-2005:021", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-021.html" - }, - { - "name" : "101677", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" - }, - { - "name" : "201072", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" - }, - { - "name" : "SUSE-SA:2004:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" - }, - { - "name" : "VU#555304", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/555304" - }, - { - "name" : "oval:org.mitre.oval:def:100115", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115" - }, - { - "name" : "oval:org.mitre.oval:def:11711", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711" - }, - { - "name" : "libtiff-dos(17755)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:577", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-577.html" + }, + { + "name": "MDKSA-2004:109", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:109" + }, + { + "name": "RHSA-2005:021", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-021.html" + }, + { + "name": "201072", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1" + }, + { + "name": "oval:org.mitre.oval:def:100115", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100115" + }, + { + "name": "oval:org.mitre.oval:def:11711", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11711" + }, + { + "name": "101677", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1" + }, + { + "name": "SUSE-SA:2004:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_38_libtiff.html" + }, + { + "name": "CLA-2004:888", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888" + }, + { + "name": "MDKSA-2005:052", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052" + }, + { + "name": "http://www.kde.org/info/security/advisory-20041209-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20041209-2.txt" + }, + { + "name": "VU#555304", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/555304" + }, + { + "name": "RHSA-2005:354", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-354.html" + }, + { + "name": "DSA-567", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-567" + }, + { + "name": "libtiff-dos(17755)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17755" + }, + { + "name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111", + "refsource": "MISC", + "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=111" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0818.json b/2004/0xxx/CVE-2004-0818.json index 2d0427fbfe1..cf0b93b96f9 100644 --- a/2004/0xxx/CVE-2004-0818.json +++ b/2004/0xxx/CVE-2004-0818.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0818", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0818", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1163.json b/2004/1xxx/CVE-2004-1163.json index 99be41f72e8..010ce0c99bc 100644 --- a/2004/1xxx/CVE-2004-1163.json +++ b/2004/1xxx/CVE-2004-1163.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1163", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1163", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041202 Cisco Network Registrar Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a008036786d.shtml" - }, - { - "name" : "cisco-cns-ccm-dos(18327)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18327" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041202 Cisco Network Registrar Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a008036786d.shtml" + }, + { + "name": "cisco-cns-ccm-dos(18327)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18327" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1253.json b/2004/1xxx/CVE-2004-1253.json index af93ca78e47..05eab4cb0aa 100644 --- a/2004/1xxx/CVE-2004-1253.json +++ b/2004/1xxx/CVE-2004-1253.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1253", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1253", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1373.json b/2004/1xxx/CVE-2004-1373.json index cb5b5a8ecd5..93fdf158558 100644 --- a/2004/1xxx/CVE-2004-1373.json +++ b/2004/1xxx/CVE-2004-1373.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041223 SHOUTcast remote format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110382975516003&w=2" - }, - { - "name" : "20050219 exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110886444014745&w=2" - }, - { - "name" : "GLSA-200501-04", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-04.xml" - }, - { - "name" : "12096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12096" - }, - { - "name" : "1012675", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012675" - }, - { - "name" : "shoutcast-format-string(18669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "shoutcast-format-string(18669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18669" + }, + { + "name": "12096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12096" + }, + { + "name": "1012675", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012675" + }, + { + "name": "GLSA-200501-04", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-04.xml" + }, + { + "name": "20041223 SHOUTcast remote format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110382975516003&w=2" + }, + { + "name": "20050219 exwormshoucast part of PTjob project: SHOUTcast v1.9.4 remote", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110886444014745&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1961.json b/2004/1xxx/CVE-2004-1961.json index cf7ef8a0429..2682a918a48 100644 --- a/2004/1xxx/CVE-2004-1961.json +++ b/2004/1xxx/CVE-2004-1961.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded \"'\" characters (\"%27\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040423 [waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=25", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=25" - }, - { - "name" : "http://protector.warcenter.se/article-53--0-0.html", - "refsource" : "CONFIRM", - "url" : "http://protector.warcenter.se/article-53--0-0.html" - }, - { - "name" : "10206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded \"'\" characters (\"%27\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040423 [waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0" + }, + { + "name": "10206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10206" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=25", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=25" + }, + { + "name": "http://protector.warcenter.se/article-53--0-0.html", + "refsource": "CONFIRM", + "url": "http://protector.warcenter.se/article-53--0-0.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2097.json b/2004/2xxx/CVE-2004-2097.json index 2ac99485cab..5954b7f82fa 100644 --- a/2004/2xxx/CVE-2004-2097.json +++ b/2004/2xxx/CVE-2004-2097.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040121 [SuSE 9.0] possible symlink attacks in some scripts", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107461582413923&w=2" - }, - { - "name" : "20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107478920006258&w=2" - }, - { - "name" : "9457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9457" - }, - { - "name" : "1008781", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008781" - }, - { - "name" : "suse-multiple-symlink-attack(14963)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107478920006258&w=2" + }, + { + "name": "20040121 [SuSE 9.0] possible symlink attacks in some scripts", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107461582413923&w=2" + }, + { + "name": "1008781", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008781" + }, + { + "name": "suse-multiple-symlink-attack(14963)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14963" + }, + { + "name": "9457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9457" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2414.json b/2004/2xxx/CVE-2004-2414.json index 794e102416a..b931b7aa6d0 100644 --- a/2004/2xxx/CVE-2004-2414.json +++ b/2004/2xxx/CVE-2004-2414.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2414", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm" - }, - { - "name" : "9934", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9934" - }, - { - "name" : "11188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11188" - }, - { - "name" : "netware-installation-file-disclosure(15600)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15600" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netware-installation-file-disclosure(15600)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15600" + }, + { + "name": "9934", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9934" + }, + { + "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm", + "refsource": "CONFIRM", + "url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm" + }, + { + "name": "11188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11188" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2233.json b/2008/2xxx/CVE-2008-2233.json index 806fe7bf2fc..f45b3853d07 100644 --- a/2008/2xxx/CVE-2008-2233.json +++ b/2008/2xxx/CVE-2008-2233.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2008:041", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html" - }, - { - "name" : "30694", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30694" - }, - { - "name" : "ADV-2008-2397", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2397" - }, - { - "name" : "31429", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30694", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30694" + }, + { + "name": "ADV-2008-2397", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2397" + }, + { + "name": "SUSE-SA:2008:041", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00003.html" + }, + { + "name": "31429", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31429" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2251.json b/2008/2xxx/CVE-2008-2251.json index 1879a740ab8..044f146f7d7 100644 --- a/2008/2xxx/CVE-2008-2251.json +++ b/2008/2xxx/CVE-2008-2251.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka \"Windows Kernel Unhandled Exception Vulnerability.\" NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02379", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "SSRT080143", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" - }, - { - "name" : "MS08-061", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061" - }, - { - "name" : "TA08-288A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" - }, - { - "name" : "31653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31653" - }, - { - "name" : "oval:org.mitre.oval:def:6010", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6010" - }, - { - "name" : "ADV-2008-2812", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2812" - }, - { - "name" : "1021046", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021046" - }, - { - "name" : "32247", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32247" - }, - { - "name" : "win-kernel-system-calls-privilege-escalation(45542)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45542" - }, - { - "name" : "win-ms08kb954211-update(45544)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka \"Windows Kernel Unhandled Exception Vulnerability.\" NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:6010", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6010" + }, + { + "name": "win-kernel-system-calls-privilege-escalation(45542)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45542" + }, + { + "name": "SSRT080143", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "32247", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32247" + }, + { + "name": "MS08-061", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061" + }, + { + "name": "31653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31653" + }, + { + "name": "win-ms08kb954211-update(45544)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544" + }, + { + "name": "HPSBST02379", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2" + }, + { + "name": "ADV-2008-2812", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2812" + }, + { + "name": "1021046", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021046" + }, + { + "name": "TA08-288A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2479.json b/2008/2xxx/CVE-2008-2479.json index d4c1d70c00e..507b89cead0 100644 --- a/2008/2xxx/CVE-2008-2479.json +++ b/2008/2xxx/CVE-2008-2479.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080526 phpFix v2 Multiple SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492582/100/0/threaded" - }, - { - "name" : "29371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29371" - }, - { - "name" : "30397", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30397" - }, - { - "name" : "phpfix-00pass-sql-injection(42637)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42637" - }, - { - "name" : "phpfix-browse-sql-injection(42636)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42636" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "phpfix-browse-sql-injection(42636)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42636" + }, + { + "name": "20080526 phpFix v2 Multiple SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492582/100/0/threaded" + }, + { + "name": "30397", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30397" + }, + { + "name": "phpfix-00pass-sql-injection(42637)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42637" + }, + { + "name": "29371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29371" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3401.json b/2008/3xxx/CVE-2008-3401.json index 7488f5bf9ad..590f6aec0be 100644 --- a/2008/3xxx/CVE-2008-3401.json +++ b/2008/3xxx/CVE-2008-3401.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080730 HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494927/100/0/threaded" - }, - { - "name" : "6161", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6161" - }, - { - "name" : "30435", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30435" - }, - { - "name" : "31300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31300" - }, - { - "name" : "4082", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4082" - }, - { - "name" : "hioxrandomad-hm-file-include(44061)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44061" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6161", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6161" + }, + { + "name": "hioxrandomad-hm-file-include(44061)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44061" + }, + { + "name": "20080730 HIOX Random Ad 1.3 (hioxRandomAd.php hm) RFI Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494927/100/0/threaded" + }, + { + "name": "30435", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30435" + }, + { + "name": "31300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31300" + }, + { + "name": "4082", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4082" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3722.json b/2008/3xxx/CVE-2008-3722.json index 95e6828d20e..644e5118337 100644 --- a/2008/3xxx/CVE-2008-3722.json +++ b/2008/3xxx/CVE-2008-3722.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securityfocus.com/bid/30712/exploit", - "refsource" : "MISC", - "url" : "http://www.securityfocus.com/bid/30712/exploit" - }, - { - "name" : "30712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30712" - }, - { - "name" : "flipscms-neu-sql-injection(44522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flipscms-neu-sql-injection(44522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44522" + }, + { + "name": "http://www.securityfocus.com/bid/30712/exploit", + "refsource": "MISC", + "url": "http://www.securityfocus.com/bid/30712/exploit" + }, + { + "name": "30712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30712" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6180.json b/2008/6xxx/CVE-2008-6180.json index c1a0bee9d4b..f2c492def30 100644 --- a/2008/6xxx/CVE-2008-6180.json +++ b/2008/6xxx/CVE-2008-6180.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6180", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6180", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081012 NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497283/100/0/threaded" - }, - { - "name" : "6739", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6739" - }, - { - "name" : "http://www.pepelux.org/exploits/newlife-es.txt", - "refsource" : "MISC", - "url" : "http://www.pepelux.org/exploits/newlife-es.txt" - }, - { - "name" : "31728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31728" - }, - { - "name" : "ADV-2008-2797", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2797" - }, - { - "name" : "32214", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32214" - }, - { - "name" : "newlifeblogger-nlbuserclass-sql-injection(45820)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45820" - }, - { - "name" : "newlifeblogger-nlbuserclass-security-bypass(45821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31728" + }, + { + "name": "32214", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32214" + }, + { + "name": "ADV-2008-2797", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2797" + }, + { + "name": "6739", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6739" + }, + { + "name": "http://www.pepelux.org/exploits/newlife-es.txt", + "refsource": "MISC", + "url": "http://www.pepelux.org/exploits/newlife-es.txt" + }, + { + "name": "newlifeblogger-nlbuserclass-sql-injection(45820)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45820" + }, + { + "name": "newlifeblogger-nlbuserclass-security-bypass(45821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45821" + }, + { + "name": "20081012 NewLife Blogger <= v3.0 / Insecure Cookie Handling & SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497283/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6566.json b/2008/6xxx/CVE-2008-6566.json index ef2b2c89824..ef3cc7d2579 100644 --- a/2008/6xxx/CVE-2008-6566.json +++ b/2008/6xxx/CVE-2008-6566.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6566", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a \"major security\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6566", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://freshmeat.net/projects/octopussy/releases/275561", - "refsource" : "CONFIRM", - "url" : "http://freshmeat.net/projects/octopussy/releases/275561" - }, - { - "name" : "48839", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a \"major security\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48839", + "refsource": "OSVDB", + "url": "http://osvdb.org/48839" + }, + { + "name": "http://freshmeat.net/projects/octopussy/releases/275561", + "refsource": "CONFIRM", + "url": "http://freshmeat.net/projects/octopussy/releases/275561" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6612.json b/2008/6xxx/CVE-2008-6612.json index 39668909897..6b61e850b02 100644 --- a/2008/6xxx/CVE-2008-6612.json +++ b/2008/6xxx/CVE-2008-6612.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7306", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7306" - }, - { - "name" : "32537", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32537" - }, - { - "name" : "32886", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32886" - }, - { - "name" : "ADV-2008-3291", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3291" - }, - { - "name" : "minimalablog-uploader-file-upload(46964)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32537", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32537" + }, + { + "name": "7306", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7306" + }, + { + "name": "ADV-2008-3291", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3291" + }, + { + "name": "minimalablog-uploader-file-upload(46964)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46964" + }, + { + "name": "32886", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32886" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7097.json b/2008/7xxx/CVE-2008-7097.json index ab3b55b2544..24ba154b5ed 100644 --- a/2008/7xxx/CVE-2008-7097.json +++ b/2008/7xxx/CVE-2008-7097.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6312", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6312" - }, - { - "name" : "30842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30842" - }, - { - "name" : "48338", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48338" - }, - { - "name" : "31548", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31548" - }, - { - "name" : "krate-index-sql-injection(44670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "krate-index-sql-injection(44670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44670" + }, + { + "name": "6312", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6312" + }, + { + "name": "30842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30842" + }, + { + "name": "31548", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31548" + }, + { + "name": "48338", + "refsource": "OSVDB", + "url": "http://osvdb.org/48338" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2649.json b/2013/2xxx/CVE-2013-2649.json index a151e9121c0..4cf67ed1fb3 100644 --- a/2013/2xxx/CVE-2013-2649.json +++ b/2013/2xxx/CVE-2013-2649.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2649", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2649", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11357.json b/2017/11xxx/CVE-2017-11357.json index dcc6a4cc32b..6890e31e1f8 100644 --- a/2017/11xxx/CVE-2017-11357.json +++ b/2017/11xxx/CVE-2017-11357.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43874", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43874/" - }, - { - "name" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference", - "refsource" : "CONFIRM", - "url" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43874", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43874/" + }, + { + "name": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference", + "refsource": "CONFIRM", + "url": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/insecure-direct-object-reference" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11421.json b/2017/11xxx/CVE-2017-11421.json index d89adcde4ec..70226b6149c 100644 --- a/2017/11xxx/CVE-2017-11421.json +++ b/2017/11xxx/CVE-2017-11421.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11421", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the \"Bad Taste\" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html", - "refsource" : "MISC", - "url" : "http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html" - }, - { - "name" : "https://bugs.debian.org/868705", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/868705" - }, - { - "name" : "https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5", - "refsource" : "MISC", - "url" : "https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5" - }, - { - "name" : "99922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the \"Bad Taste\" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/868705", + "refsource": "MISC", + "url": "https://bugs.debian.org/868705" + }, + { + "name": "https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5", + "refsource": "MISC", + "url": "https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5" + }, + { + "name": "http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html", + "refsource": "MISC", + "url": "http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html" + }, + { + "name": "99922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99922" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11767.json b/2017/11xxx/CVE-2017-11767.json index fa8d3a2473b..51074d7875c 100644 --- a/2017/11xxx/CVE-2017-11767.json +++ b/2017/11xxx/CVE-2017-11767.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-14T00:00:00", - "ID" : "CVE-2017-11767", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore", - "version" : { - "version_data" : [ - { - "version_value" : "ChakraCore" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-14T00:00:00", + "ID": "CVE-2017-11767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore", + "version": { + "version_data": [ + { + "version_value": "ChakraCore" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767" - }, - { - "name" : "100838", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100838" - }, - { - "name" : "1039369", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039369" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039369", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039369" + }, + { + "name": "100838", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100838" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11767" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11868.json b/2017/11xxx/CVE-2017-11868.json index 53e1e429bad..2523fda1afa 100644 --- a/2017/11xxx/CVE-2017-11868.json +++ b/2017/11xxx/CVE-2017-11868.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11868", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11868", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14533.json b/2017/14xxx/CVE-2017-14533.json index 1d5cad65938..4ca2cc2050c 100644 --- a/2017/14xxx/CVE-2017-14533.json +++ b/2017/14xxx/CVE-2017-14533.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/648", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/648" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - }, - { - "name" : "100885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100885" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/648", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/648" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + }, + { + "name": "100885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100885" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14547.json b/2017/14xxx/CVE-2017-14547.json index df1a24c486a..757ba91a6be 100644 --- a/2017/14xxx/CVE-2017-14547.json +++ b/2017/14xxx/CVE-2017-14547.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a \"Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14547", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a \"Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14547", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14547" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14999.json b/2017/14xxx/CVE-2017-14999.json index f5e0bc5994a..0fb136bf12d 100644 --- a/2017/14xxx/CVE-2017-14999.json +++ b/2017/14xxx/CVE-2017-14999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15549.json b/2017/15xxx/CVE-2017-15549.json index 6d73c2a6792..d7b59b1201a 100644 --- a/2017/15xxx/CVE-2017-15549.json +++ b/2017/15xxx/CVE-2017-15549.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-15549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0", - "version" : { - "version_data" : [ - { - "version_value" : "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Arbitrary file upload vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-15549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0", + "version": { + "version_data": [ + { + "version_value": "EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0, EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x, EMC Integrated Data Protection Appliance 2.0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2018/Jan/17", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2018/Jan/17" - }, - { - "name" : "102363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102363" - }, - { - "name" : "1040070", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary file upload vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040070", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040070" + }, + { + "name": "102363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102363" + }, + { + "name": "http://seclists.org/fulldisclosure/2018/Jan/17", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2018/Jan/17" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15691.json b/2017/15xxx/CVE-2017-15691.json index bf893a01550..a4c89682606 100644 --- a/2017/15xxx/CVE-2017-15691.json +++ b/2017/15xxx/CVE-2017-15691.json @@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2018-04-26T00:00:00", - "ID" : "CVE-2017-15691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache UIMA", - "version" : { - "version_data" : [ - { - "version_value" : "uimaj prior to 2.10.2" - }, - { - "version_value" : "uimaj 3.0.0-xxx prior to 3.0.0-beta" - }, - { - "version_value" : "uima-as prior to 2.10.2" - }, - { - "version_value" : "uimaFIT prior to 2.4.0" - }, - { - "version_value" : "uimaDUCC prior to 2.2.2" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2018-04-26T00:00:00", + "ID": "CVE-2017-15691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache UIMA", + "version": { + "version_data": [ + { + "version_value": "uimaj prior to 2.10.2" + }, + { + "version_value": "uimaj 3.0.0-xxx prior to 3.0.0-beta" + }, + { + "version_value": "uima-as prior to 2.10.2" + }, + { + "version_value": "uimaFIT prior to 2.4.0" + }, + { + "version_value": "uimaDUCC prior to 2.2.2" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://uima.apache.org/security_report#CVE-2017-15691", - "refsource" : "CONFIRM", - "url" : "https://uima.apache.org/security_report#CVE-2017-15691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://uima.apache.org/security_report#CVE-2017-15691", + "refsource": "CONFIRM", + "url": "https://uima.apache.org/security_report#CVE-2017-15691" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15811.json b/2017/15xxx/CVE-2017-15811.json index c19d4a3f45c..b928a55ef65 100644 --- a/2017/15xxx/CVE-2017-15811.json +++ b/2017/15xxx/CVE-2017-15811.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.html" - }, - { - "name" : "https://plugins.trac.wordpress.org/changeset/1745805/pootle-button/tags/", - "refsource" : "MISC", - "url" : "https://plugins.trac.wordpress.org/changeset/1745805/pootle-button/tags/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8930", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/8930", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8930" + }, + { + "name": "https://plugins.trac.wordpress.org/changeset/1745805/pootle-button/tags/", + "refsource": "MISC", + "url": "https://plugins.trac.wordpress.org/changeset/1745805/pootle-button/tags/" + }, + { + "name": "https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144582/WordPress-Pootle-Button-1.1.1-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15960.json b/2017/15xxx/CVE-2017-15960.json index ae8b94e0179..8a2192a9099 100644 --- a/2017/15xxx/CVE-2017-15960.json +++ b/2017/15xxx/CVE-2017-15960.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15960", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15960", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43099", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43099/" - }, - { - "name" : "https://packetstormsecurity.com/files/144429/Article-Directory-Script-3.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144429/Article-Directory-Script-3.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/144429/Article-Directory-Script-3.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144429/Article-Directory-Script-3.0-SQL-Injection.html" + }, + { + "name": "43099", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43099/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15971.json b/2017/15xxx/CVE-2017-15971.json index b4463813e98..6e2e2f91f92 100644 --- a/2017/15xxx/CVE-2017-15971.json +++ b/2017/15xxx/CVE-2017-15971.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43088", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43088/" - }, - { - "name" : "https://packetstormsecurity.com/files/144441/Same-Sex-Dating-Software-Pro-1.0-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144441/Same-Sex-Dating-Software-Pro-1.0-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "43088", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43088/" + }, + { + "name": "https://packetstormsecurity.com/files/144441/Same-Sex-Dating-Software-Pro-1.0-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144441/Same-Sex-Dating-Software-Pro-1.0-SQL-Injection.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8812.json b/2017/8xxx/CVE-2017-8812.json index dfa5dd592c5..8b9e11cbe35 100644 --- a/2017/8xxx/CVE-2017-8812.json +++ b/2017/8xxx/CVE-2017-8812.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-8812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", - "version" : { - "version_data" : [ - { - "version_value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "greater than injection" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-8812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2", + "version": { + "version_data": [ + { + "version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html", - "refsource" : "CONFIRM", - "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" - }, - { - "name" : "DSA-4036", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4036" - }, - { - "name" : "1039812", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039812" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "greater than injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039812", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039812" + }, + { + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html", + "refsource": "CONFIRM", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html" + }, + { + "name": "DSA-4036", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4036" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8822.json b/2017/8xxx/CVE-2017-8822.json index aa013844806..2871b03fc6e 100644 --- a/2017/8xxx/CVE-2017-8822.json +++ b/2017/8xxx/CVE-2017-8822.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@debian.org", - "ID" : "CVE-2017-8822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9", - "version" : { - "version_data" : [ - { - "version_value" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "loss of anonymity" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2017-8822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9", + "version": { + "version_data": [ + { + "version_value": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516", - "refsource" : "CONFIRM", - "url" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" - }, - { - "name" : "https://bugs.torproject.org/21534", - "refsource" : "CONFIRM", - "url" : "https://bugs.torproject.org/21534" - }, - { - "name" : "https://bugs.torproject.org/24333", - "refsource" : "CONFIRM", - "url" : "https://bugs.torproject.org/24333" - }, - { - "name" : "DSA-4054", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "loss of anonymity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.torproject.org/21534", + "refsource": "CONFIRM", + "url": "https://bugs.torproject.org/21534" + }, + { + "name": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516", + "refsource": "CONFIRM", + "url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" + }, + { + "name": "https://bugs.torproject.org/24333", + "refsource": "CONFIRM", + "url": "https://bugs.torproject.org/24333" + }, + { + "name": "DSA-4054", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4054" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9955.json b/2017/9xxx/CVE-2017-9955.json index fa527886a64..cd173ecef42 100644 --- a/2017/9xxx/CVE-2017-9955.json +++ b/2017/9xxx/CVE-2017-9955.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21665", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" - }, - { - "name" : "99573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99573" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21665", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21665" + }, + { + "name": "99573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99573" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000093.json b/2018/1000xxx/CVE-2018-1000093.json index b24cc877ceb..89c4864a90f 100644 --- a/2018/1000xxx/CVE-2018-1000093.json +++ b/2018/1000xxx/CVE-2018-1000093.json @@ -1,74 +1,74 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2/11/2018 18:32:45", - "ID" : "CVE-2018-1000093", - "REQUESTER" : "terrycwk1994@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CryptoNote", - "version" : { - "version_data" : [ - { - "version_value" : "version 0.8.9 and possibly later" - } - ] - } - } - ] - }, - "vendor_name" : "CryptoNote" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Unauthenticated JSON RPC server" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2/11/2018 18:32:45", + "ID": "CVE-2018-1000093", + "REQUESTER": "terrycwk1994@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/amjuarez/bytecoin/issues/217", - "refsource" : "MISC", - "url" : "https://github.com/amjuarez/bytecoin/issues/217" - }, - { - "name" : "https://github.com/cryptonotefoundation/cryptonote/issues/172", - "refsource" : "MISC", - "url" : "https://github.com/cryptonotefoundation/cryptonote/issues/172" - }, - { - "name" : "https://www.ayrx.me/cryptonote-unauthenticated-json-rpc", - "refsource" : "MISC", - "url" : "https://www.ayrx.me/cryptonote-unauthenticated-json-rpc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CryptoNote version version 0.8.9 and possibly later contain a local RPC server which does not require authentication, as a result the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that trigger such behavior." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ayrx.me/cryptonote-unauthenticated-json-rpc", + "refsource": "MISC", + "url": "https://www.ayrx.me/cryptonote-unauthenticated-json-rpc" + }, + { + "name": "https://github.com/cryptonotefoundation/cryptonote/issues/172", + "refsource": "MISC", + "url": "https://github.com/cryptonotefoundation/cryptonote/issues/172" + }, + { + "name": "https://github.com/amjuarez/bytecoin/issues/217", + "refsource": "MISC", + "url": "https://github.com/amjuarez/bytecoin/issues/217" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000665.json b/2018/1000xxx/CVE-2018-1000665.json index 41b7a579781..f61704d768f 100644 --- a/2018/1000xxx/CVE-2018-1000665.json +++ b/2018/1000xxx/CVE-2018-1000665.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-09-03T16:07:16.974886", - "DATE_REQUESTED" : "2018-08-22T22:28:15", - "ID" : "CVE-2018-1000665", - "REQUESTER" : "setenforce1@gmail.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dojo Objective Harness (DOH)", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.14" - } - ] - } - } - ] - }, - "vendor_name" : "Dojo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-09-03T16:07:16.974886", + "DATE_REQUESTED": "2018-08-22T22:28:15", + "ID": "CVE-2018-1000665", + "REQUESTER": "setenforce1@gmail.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://dojotoolkit.org/blog/dojo-1-14-released", - "refsource" : "CONFIRM", - "url" : "https://dojotoolkit.org/blog/dojo-1-14-released" - }, - { - "name" : "https://github.com/dojo/dojo/pull/307", - "refsource" : "CONFIRM", - "url" : "https://github.com/dojo/dojo/pull/307" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://dojotoolkit.org/blog/dojo-1-14-released", + "refsource": "CONFIRM", + "url": "https://dojotoolkit.org/blog/dojo-1-14-released" + }, + { + "name": "https://github.com/dojo/dojo/pull/307", + "refsource": "CONFIRM", + "url": "https://github.com/dojo/dojo/pull/307" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12038.json b/2018/12xxx/CVE-2018-12038.json index 51a35fd3398..68c1864400a 100644 --- a/2018/12xxx/CVE-2018-12038.json +++ b/2018/12xxx/CVE-2018-12038.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028", - "refsource" : "MISC", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181112-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181112-0001/" - }, - { - "name" : "VU#395981", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/395981" - }, - { - "name" : "105841", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Samsung 840 EVO devices. Vendor-specific commands may allow access to the disk-encryption key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181112-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181112-0001/" + }, + { + "name": "VU#395981", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/395981" + }, + { + "name": "105841", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105841" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028", + "refsource": "MISC", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180028" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12224.json b/2018/12xxx/CVE-2018-12224.json index 6e929391863..9b785c01c3d 100644 --- a/2018/12xxx/CVE-2018-12224.json +++ b/2018/12xxx/CVE-2018-12224.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-03-12T00:00:00", - "ID" : "CVE-2018-12224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Graphics Driver for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Multiple versions." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-03-12T00:00:00", + "ID": "CVE-2018-12224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Graphics Driver for Windows", + "version": { + "version_data": [ + { + "version_value": "Multiple versions." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12395.json b/2018/12xxx/CVE-2018-12395.json index 0314afc171d..92798830371 100644 --- a/2018/12xxx/CVE-2018-12395.json +++ b/2018/12xxx/CVE-2018-12395.json @@ -1,124 +1,124 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2018-12395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "60.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "63" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtension bypass of domain restrictions through header rewriting" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2018-12395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "60.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "63" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1467523", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1467523" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-26/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2018-27/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2018-27/" - }, - { - "name" : "DSA-4324", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4324" - }, - { - "name" : "GLSA-201811-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201811-04" - }, - { - "name" : "RHSA-2018:3005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3005" - }, - { - "name" : "RHSA-2018:3006", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3006" - }, - { - "name" : "USN-3801-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3801-1/" - }, - { - "name" : "105718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105718" - }, - { - "name" : "1041944", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041944" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtension bypass of domain restrictions through header rewriting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4324", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4324" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-26/" + }, + { + "name": "GLSA-201811-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201811-04" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2018-27/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2018-27/" + }, + { + "name": "RHSA-2018:3005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3005" + }, + { + "name": "105718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105718" + }, + { + "name": "RHSA-2018:3006", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3006" + }, + { + "name": "USN-3801-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3801-1/" + }, + { + "name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html" + }, + { + "name": "1041944", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041944" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1467523", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1467523" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12893.json b/2018/12xxx/CVE-2018-12893.json index d7c1b526334..ea8a02d3142 100644 --- a/2018/12xxx/CVE-2018-12893.json +++ b/2018/12xxx/CVE-2018-12893.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20180627 Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2018/06/27/11" - }, - { - "name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html" - }, - { - "name" : "http://xenbits.xen.org/xsa/advisory-265.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-265.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1590979", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1590979" - }, - { - "name" : "https://support.citrix.com/article/CTX235748", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX235748" - }, - { - "name" : "DSA-4236", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4236" - }, - { - "name" : "GLSA-201810-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201810-06" - }, - { - "name" : "104572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104572" - }, - { - "name" : "1041202", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leading to a Denial of Service. All Xen systems which have applied the XSA-260 fix are vulnerable. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only x86 PV guests can exploit the vulnerability. x86 HVM and PVH guests cannot exploit the vulnerability. An attacker needs to be able to control hardware debugging facilities to exploit the vulnerability, but such permissions are typically available to unprivileged users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20180627 Xen Security Advisory 265 (CVE-2018-12893) - x86: #DB exception safety check can be triggered by a guest", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2018/06/27/11" + }, + { + "name": "DSA-4236", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4236" + }, + { + "name": "https://support.citrix.com/article/CTX235748", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX235748" + }, + { + "name": "GLSA-201810-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201810-06" + }, + { + "name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590979" + }, + { + "name": "http://xenbits.xen.org/xsa/advisory-265.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-265.html" + }, + { + "name": "104572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104572" + }, + { + "name": "1041202", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041202" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12924.json b/2018/12xxx/CVE-2018-12924.json index 270fc11cdf5..3e3979ac0ce 100644 --- a/2018/12xxx/CVE-2018-12924.json +++ b/2018/12xxx/CVE-2018-12924.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.seebug.org/vuldb/ssvid-97374", - "refsource" : "MISC", - "url" : "https://www.seebug.org/vuldb/ssvid-97374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.seebug.org/vuldb/ssvid-97374", + "refsource": "MISC", + "url": "https://www.seebug.org/vuldb/ssvid-97374" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12987.json b/2018/12xxx/CVE-2018-12987.json index 1a4e85fa02e..c5196baf2f1 100644 --- a/2018/12xxx/CVE-2018-12987.json +++ b/2018/12xxx/CVE-2018-12987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13193.json b/2018/13xxx/CVE-2018-13193.json index eb1e003e943..39dd47b17c2 100644 --- a/2018/13xxx/CVE-2018-13193.json +++ b/2018/13xxx/CVE-2018-13193.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for hentaisolo (HAO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/hentaisolo" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13277.json b/2018/13xxx/CVE-2018-13277.json index 1c806df43d4..269ae537f5b 100644 --- a/2018/13xxx/CVE-2018-13277.json +++ b/2018/13xxx/CVE-2018-13277.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13277", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13277", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13848.json b/2018/13xxx/CVE-2018-13848.json index 62ef0a9bad2..150834658b5 100644 --- a/2018/13xxx/CVE-2018-13848.json +++ b/2018/13xxx/CVE-2018-13848.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13848", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/axiomatic-systems/Bento4/issues/285", - "refsource" : "MISC", - "url" : "https://github.com/axiomatic-systems/Bento4/issues/285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/axiomatic-systems/Bento4/issues/285", + "refsource": "MISC", + "url": "https://github.com/axiomatic-systems/Bento4/issues/285" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16477.json b/2018/16xxx/CVE-2018-16477.json index 67dcc4f41f1..c05631fb7fc 100644 --- a/2018/16xxx/CVE-2018-16477.json +++ b/2018/16xxx/CVE-2018-16477.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "https://github.com/rails/rails", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure (CWE-200)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "https://github.com/rails/rails", + "version": { + "version_data": [ + { + "version_value": "5.2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ", - "refsource" : "MISC", - "url" : "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ" - }, - { - "name" : "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", - "refsource" : "MISC", - "url" : "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ", + "refsource": "MISC", + "url": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ" + }, + { + "name": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", + "refsource": "MISC", + "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16479.json b/2018/16xxx/CVE-2018-16479.json index de49f326ef2..cf695188d2e 100644 --- a/2018/16xxx/CVE-2018-16479.json +++ b/2018/16xxx/CVE-2018-16479.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16479", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "http-live-simulator", - "version" : { - "version_data" : [ - { - "version_value" : "<1.0.7" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Path Traversal (CWE-22)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16479", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "http-live-simulator", + "version": { + "version_data": [ + { + "version_value": "<1.0.7" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/411405", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/411405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/411405", + "refsource": "MISC", + "url": "https://hackerone.com/reports/411405" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16522.json b/2018/16xxx/CVE-2018-16522.json index c6312319a4d..f49a460f994 100644 --- a/2018/16xxx/CVE-2018-16522.json +++ b/2018/16xxx/CVE-2018-16522.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", - "refsource" : "MISC", - "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" - }, - { - "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", - "refsource" : "MISC", - "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" - }, - { - "name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" + }, + { + "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", + "refsource": "MISC", + "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" + }, + { + "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", + "refsource": "MISC", + "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16811.json b/2018/16xxx/CVE-2018-16811.json index 7e356c976fd..36afb760fc3 100644 --- a/2018/16xxx/CVE-2018-16811.json +++ b/2018/16xxx/CVE-2018-16811.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16811", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16811", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16835.json b/2018/16xxx/CVE-2018-16835.json index 0fa336033f6..e66da7de049 100644 --- a/2018/16xxx/CVE-2018-16835.json +++ b/2018/16xxx/CVE-2018-16835.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16835", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16835", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4019.json b/2018/4xxx/CVE-2018-4019.json index 83aba488c17..438f1404177 100644 --- a/2018/4xxx/CVE-2018-4019.json +++ b/2018/4xxx/CVE-2018-4019.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-12-03T00:00:00", - "ID" : "CVE-2018-4019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Netgate pfSense", - "version" : { - "version_data" : [ - { - "version_value" : "Netgate pfSense CE 2.4.4-RELEASE" - } - ] - } - } - ] - }, - "vendor_name" : "Netgate" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-12-03T00:00:00", + "ID": "CVE-2018-4019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Netgate pfSense", + "version": { + "version_data": [ + { + "version_value": "Netgate pfSense CE 2.4.4-RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Netgate" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0690" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4027.json b/2018/4xxx/CVE-2018-4027.json index 98136b561cd..7151134bf2c 100644 --- a/2018/4xxx/CVE-2018-4027.json +++ b/2018/4xxx/CVE-2018-4027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4027", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4027", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4237.json b/2018/4xxx/CVE-2018-4237.json index 0334316a61c..ac0c71a3a8d 100644 --- a/2018/4xxx/CVE-2018-4237.json +++ b/2018/4xxx/CVE-2018-4237.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"libxpc\" component. It allows attackers to gain privileges via a crafted app that leverages a logic error." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45916", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45916/" - }, - { - "name" : "https://support.apple.com/HT208848", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208848" - }, - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "https://support.apple.com/HT208850", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208850" - }, - { - "name" : "https://support.apple.com/HT208851", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208851" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"libxpc\" component. It allows attackers to gain privileges via a crafted app that leverages a logic error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208850", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208850" + }, + { + "name": "https://support.apple.com/HT208851", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208851" + }, + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208848", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208848" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + }, + { + "name": "45916", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45916/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4509.json b/2018/4xxx/CVE-2018-4509.json index d2907e3b977..587fe92a1a9 100644 --- a/2018/4xxx/CVE-2018-4509.json +++ b/2018/4xxx/CVE-2018-4509.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4509", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4662.json b/2018/4xxx/CVE-2018-4662.json index a23e07bed60..042ddea89a8 100644 --- a/2018/4xxx/CVE-2018-4662.json +++ b/2018/4xxx/CVE-2018-4662.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4662", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4662", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9856.json b/2019/9xxx/CVE-2019-9856.json new file mode 100644 index 00000000000..ffc04dee868 --- /dev/null +++ b/2019/9xxx/CVE-2019-9856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file