diff --git a/2004/0xxx/CVE-2004-0018.json b/2004/0xxx/CVE-2004-0018.json index ee55bed0296..ac1a0ad5479 100644 --- a/2004/0xxx/CVE-2004-0018.json +++ b/2004/0xxx/CVE-2004-0018.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0018", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0018", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0120.json b/2004/0xxx/CVE-2004-0120.json index 05043511689..e7531237f1c 100644 --- a/2004/0xxx/CVE-2004-0120.json +++ b/2004/0xxx/CVE-2004-0120.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-011", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" - }, - { - "name" : "TA04-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" - }, - { - "name" : "VU#150236", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/150236" - }, - { - "name" : "O-114", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml" - }, - { - "name" : "10115", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10115" - }, - { - "name" : "oval:org.mitre.oval:def:885", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885" - }, - { - "name" : "oval:org.mitre.oval:def:886", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886" - }, - { - "name" : "oval:org.mitre.oval:def:892", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892" - }, - { - "name" : "ssl-message-dos(15712)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "O-114", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-114.shtml" + }, + { + "name": "VU#150236", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/150236" + }, + { + "name": "oval:org.mitre.oval:def:885", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885" + }, + { + "name": "oval:org.mitre.oval:def:886", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886" + }, + { + "name": "ssl-message-dos(15712)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712" + }, + { + "name": "MS04-011", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" + }, + { + "name": "oval:org.mitre.oval:def:892", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892" + }, + { + "name": "TA04-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" + }, + { + "name": "10115", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10115" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0973.json b/2004/0xxx/CVE-2004-0973.json index 7a26156a751..0e60822bf97 100644 --- a/2004/0xxx/CVE-2004-0973.json +++ b/2004/0xxx/CVE-2004-0973.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0973", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0457. Reason: This candidate is a reservation duplicate of CVE-2004-0457. Notes: All CVE users should reference CVE-2004-0457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0973", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0457. Reason: This candidate is a reservation duplicate of CVE-2004-0457. Notes: All CVE users should reference CVE-2004-0457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1229.json b/2004/1xxx/CVE-2004-1229.json index 39683c9472a..20d4ab82b0e 100644 --- a/2004/1xxx/CVE-2004-1229.json +++ b/2004/1xxx/CVE-2004-1229.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1229", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041213 Gadu-Gadu several vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110295777306493&w=2" - }, - { - "name" : "http://www.man.poznan.pl/~security/gg-adv.txt", - "refsource" : "MISC", - "url" : "http://www.man.poznan.pl/~security/gg-adv.txt" - }, - { - "name" : "11899", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11899" - }, - { - "name" : "12517", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12517" - }, - { - "name" : "13450", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13450" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041213 Gadu-Gadu several vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110295777306493&w=2" + }, + { + "name": "12517", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12517" + }, + { + "name": "http://www.man.poznan.pl/~security/gg-adv.txt", + "refsource": "MISC", + "url": "http://www.man.poznan.pl/~security/gg-adv.txt" + }, + { + "name": "13450", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13450" + }, + { + "name": "11899", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11899" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1428.json b/2004/1xxx/CVE-2004-1428.json index ed3f5cfd91e..7b43c646a1f 100644 --- a/2004/1xxx/CVE-2004-1428.json +++ b/2004/1xxx/CVE-2004-1428.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1428", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041231 ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110451582011666&w=2" - }, - { - "name" : "http://www.lovebug.org/argosoft_advisory.txt", - "refsource" : "MISC", - "url" : "http://www.lovebug.org/argosoft_advisory.txt" - }, - { - "name" : "http://www.argosoft.com/ftpserver/changelist.aspx", - "refsource" : "CONFIRM", - "url" : "http://www.argosoft.com/ftpserver/changelist.aspx" - }, - { - "name" : "12139", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12139" - }, - { - "name" : "11335", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11335" - }, - { - "name" : "1012744", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012744" - }, - { - "name" : "13063", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13063" - }, - { - "name" : "argosoft-information-disclosure(18721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "argosoft-information-disclosure(18721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18721" + }, + { + "name": "1012744", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012744" + }, + { + "name": "13063", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13063" + }, + { + "name": "http://www.lovebug.org/argosoft_advisory.txt", + "refsource": "MISC", + "url": "http://www.lovebug.org/argosoft_advisory.txt" + }, + { + "name": "12139", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12139" + }, + { + "name": "http://www.argosoft.com/ftpserver/changelist.aspx", + "refsource": "CONFIRM", + "url": "http://www.argosoft.com/ftpserver/changelist.aspx" + }, + { + "name": "20041231 ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110451582011666&w=2" + }, + { + "name": "11335", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11335" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1477.json b/2004/1xxx/CVE-2004-1477.json index 92f9fe6608e..179894a598c 100644 --- a/2004/1xxx/CVE-2004-1477.json +++ b/2004/1xxx/CVE-2004-1477.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040923 New Macromedia Security Zone Bulletins Posted", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109621995623823&w=2" - }, - { - "name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html" - }, - { - "name" : "VU#668206", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/668206" - }, - { - "name" : "11245", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11245" - }, - { - "name" : "12638", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12638/" - }, - { - "name" : "jrun-management-console-xss(17483)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17483" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#668206", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/668206" + }, + { + "name": "20040923 New Macromedia Security Zone Bulletins Posted", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109621995623823&w=2" + }, + { + "name": "jrun-management-console-xss(17483)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17483" + }, + { + "name": "11245", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11245" + }, + { + "name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html" + }, + { + "name": "12638", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12638/" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2669.json b/2004/2xxx/CVE-2004-2669.json index d502f972d92..de920512f09 100644 --- a/2004/2xxx/CVE-2004-2669.json +++ b/2004/2xxx/CVE-2004-2669.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.neocrome.net/page.php?id=1573", - "refsource" : "MISC", - "url" : "http://www.neocrome.net/page.php?id=1573" - }, - { - "name" : "http://www.ptsecurity.ru/advisory.asp", - "refsource" : "MISC", - "url" : "http://www.ptsecurity.ru/advisory.asp" - }, - { - "name" : "http://www.neocrome.net/index.php?m=single&id=91", - "refsource" : "CONFIRM", - "url" : "http://www.neocrome.net/index.php?m=single&id=91" - }, - { - "name" : "11569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11569" - }, - { - "name" : "11299", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11299" - }, - { - "name" : "11300", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11300" - }, - { - "name" : "11301", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11301" - }, - { - "name" : "11302", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11302" - }, - { - "name" : "1012015", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012015" - }, - { - "name" : "13034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13034" - }, - { - "name" : "land-down-under-sql-injection(17912)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "land-down-under-sql-injection(17912)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17912" + }, + { + "name": "http://www.neocrome.net/index.php?m=single&id=91", + "refsource": "CONFIRM", + "url": "http://www.neocrome.net/index.php?m=single&id=91" + }, + { + "name": "11300", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11300" + }, + { + "name": "11569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11569" + }, + { + "name": "13034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13034" + }, + { + "name": "11299", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11299" + }, + { + "name": "11301", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11301" + }, + { + "name": "1012015", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012015" + }, + { + "name": "http://www.neocrome.net/page.php?id=1573", + "refsource": "MISC", + "url": "http://www.neocrome.net/page.php?id=1573" + }, + { + "name": "http://www.ptsecurity.ru/advisory.asp", + "refsource": "MISC", + "url": "http://www.ptsecurity.ru/advisory.asp" + }, + { + "name": "11302", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11302" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2372.json b/2008/2xxx/CVE-2008-2372.json index 32ffbb66f5d..b788b09b869 100644 --- a/2008/2xxx/CVE-2008-2372.json +++ b/2008/2xxx/CVE-2008-2372.json @@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of \"useless newly zeroed pages.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20080430 Re: Page Faults slower in 2.6.25-rc9 than 2.6.23", - "refsource" : "MLIST", - "url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0804.3/3203.html" - }, - { - "name" : "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html", - "refsource" : "MISC", - "url" : "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f" - }, - { - "name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9", - "refsource" : "CONFIRM", - "url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2629", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2629" - }, - { - "name" : "RHSA-2008:0585", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" - }, - { - "name" : "RHSA-2008:0957", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html" - }, - { - "name" : "SUSE-SA:2008:035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" - }, - { - "name" : "SUSE-SA:2008:037", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html" - }, - { - "name" : "SUSE-SA:2008:038", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" - }, - { - "name" : "USN-659-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-659-1" - }, - { - "name" : "oval:org.mitre.oval:def:9383", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9383" - }, - { - "name" : "30901", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30901" - }, - { - "name" : "31202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31202" - }, - { - "name" : "31628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31628" - }, - { - "name" : "32393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32393" - }, - { - "name" : "32485", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32485" - }, - { - "name" : "30982", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30982" - }, - { - "name" : "linux-kernel-getuserpages-dos(43550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of \"useless newly zeroed pages.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207" + }, + { + "name": "32485", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32485" + }, + { + "name": "SUSE-SA:2008:038", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" + }, + { + "name": "SUSE-SA:2008:035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" + }, + { + "name": "32393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32393" + }, + { + "name": "[linux-kernel] 20080430 Re: Page Faults slower in 2.6.25-rc9 than 2.6.23", + "refsource": "MLIST", + "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0804.3/3203.html" + }, + { + "name": "RHSA-2008:0957", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html" + }, + { + "name": "oval:org.mitre.oval:def:9383", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9383" + }, + { + "name": "30982", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30982" + }, + { + "name": "USN-659-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-659-1" + }, + { + "name": "30901", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30901" + }, + { + "name": "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html", + "refsource": "MISC", + "url": "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html" + }, + { + "name": "RHSA-2008:0585", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html" + }, + { + "name": "SUSE-SA:2008:037", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f" + }, + { + "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9", + "refsource": "CONFIRM", + "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2629", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2629" + }, + { + "name": "31628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31628" + }, + { + "name": "31202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31202" + }, + { + "name": "linux-kernel-getuserpages-dos(43550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43550" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2530.json b/2008/2xxx/CVE-2008-2530.json index 7777871396c..6314aaf896d 100644 --- a/2008/2xxx/CVE-2008-2530.json +++ b/2008/2xxx/CVE-2008-2530.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5588", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5588" - }, - { - "name" : "29145", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29145" - }, - { - "name" : "quickupcms-news-sql-injection(42325)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickupcms-news-sql-injection(42325)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42325" + }, + { + "name": "29145", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29145" + }, + { + "name": "5588", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5588" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2976.json b/2008/2xxx/CVE-2008-2976.json index aac94e12c1a..0c30010d653 100644 --- a/2008/2xxx/CVE-2008-2976.json +++ b/2008/2xxx/CVE-2008-2976.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2976", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2976", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5917", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5917" - }, - { - "name" : "29907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29907" - }, - { - "name" : "tinxcms-language-file-include(43305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5917", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5917" + }, + { + "name": "tinxcms-language-file-include(43305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43305" + }, + { + "name": "29907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29907" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3323.json b/2008/3xxx/CVE-2008-3323.json index 1027565d658..fcc8ca77fcf 100644 --- a/2008/3xxx/CVE-2008-3323.json +++ b/2008/3xxx/CVE-2008-3323.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080725 SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494756/100/0/threaded" - }, - { - "name" : "[cygwin-announce] 20080805 Updated: Setup.exe updated to version 2.573.2.3", - "refsource" : "MLIST", - "url" : "http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html" - }, - { - "name" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt", - "refsource" : "MISC", - "url" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=449929", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=449929" - }, - { - "name" : "30375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30375" - }, - { - "name" : "ADV-2008-2321", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2321" - }, - { - "name" : "31271", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31271" - }, - { - "name" : "4051", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4051" - }, - { - "name" : "cygwin-setup-weak-security(44047)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2321", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2321" + }, + { + "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt", + "refsource": "MISC", + "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt" + }, + { + "name": "cygwin-setup-weak-security(44047)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44047" + }, + { + "name": "20080725 SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494756/100/0/threaded" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=449929", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449929" + }, + { + "name": "30375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30375" + }, + { + "name": "4051", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4051" + }, + { + "name": "[cygwin-announce] 20080805 Updated: Setup.exe updated to version 2.573.2.3", + "refsource": "MLIST", + "url": "http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html" + }, + { + "name": "31271", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31271" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3355.json b/2008/3xxx/CVE-2008-3355.json index f9acc931a96..50c8b49528a 100644 --- a/2008/3xxx/CVE-2008-3355.json +++ b/2008/3xxx/CVE-2008-3355.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6132", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6132" - }, - { - "name" : "30368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30368" - }, - { - "name" : "31234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31234" - }, - { - "name" : "4047", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4047" - }, - { - "name" : "cameralife-sitemapxml-sql-injection(43991)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31234" + }, + { + "name": "30368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30368" + }, + { + "name": "4047", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4047" + }, + { + "name": "6132", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6132" + }, + { + "name": "cameralife-sitemapxml-sql-injection(43991)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43991" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3357.json b/2008/3xxx/CVE-2008-3357.json index 8277be36ff0..e5a222f72cc 100644 --- a/2008/3xxx/CVE-2008-3357.json +++ b/2008/3xxx/CVE-2008-3357.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733" - }, - { - "name" : "20080806 CA Products That Embed Ingres Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495177/100/0/threaded" - }, - { - "name" : "http://www.ingres.com/support/security-alert-080108.php", - "refsource" : "CONFIRM", - "url" : "http://www.ingres.com/support/security-alert-080108.php" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989" - }, - { - "name" : "30512", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30512" - }, - { - "name" : "ADV-2008-2292", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2292" - }, - { - "name" : "ADV-2008-2313", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2313" - }, - { - "name" : "1020614", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020614" - }, - { - "name" : "31357", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31357" - }, - { - "name" : "31398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31398" - }, - { - "name" : "ingres-ingvalidpw-code-execution(44181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020614", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020614" + }, + { + "name": "http://www.ingres.com/support/security-alert-080108.php", + "refsource": "CONFIRM", + "url": "http://www.ingres.com/support/security-alert-080108.php" + }, + { + "name": "ADV-2008-2292", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2292" + }, + { + "name": "20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733" + }, + { + "name": "31398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31398" + }, + { + "name": "ADV-2008-2313", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2313" + }, + { + "name": "ingres-ingvalidpw-code-execution(44181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181" + }, + { + "name": "31357", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31357" + }, + { + "name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded" + }, + { + "name": "30512", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30512" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3515.json b/2008/3xxx/CVE-2008-3515.json index 3d54482a73c..9ece7e02761 100644 --- a/2008/3xxx/CVE-2008-3515.json +++ b/2008/3xxx/CVE-2008-3515.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3515", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-3515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb08-17.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb08-17.html" - }, - { - "name" : "30615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30615" - }, - { - "name" : "ADV-2008-2322", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2322" - }, - { - "name" : "1020645", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020645" - }, - { - "name" : "31432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31432" + }, + { + "name": "ADV-2008-2322", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2322" + }, + { + "name": "30615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30615" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb08-17.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb08-17.html" + }, + { + "name": "1020645", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020645" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3598.json b/2008/3xxx/CVE-2008-3598.json index e7e9d029532..ddd0f1d5c01 100644 --- a/2008/3xxx/CVE-2008-3598.json +++ b/2008/3xxx/CVE-2008-3598.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6226", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6226" - }, - { - "name" : "30629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30629" - }, - { - "name" : "35500", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/35500" - }, - { - "name" : "25041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/25041/" - }, - { - "name" : "4140", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4140" - }, - { - "name" : "psipuss-categories-sql-injection(44367)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "25041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/25041/" + }, + { + "name": "psipuss-categories-sql-injection(44367)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44367" + }, + { + "name": "35500", + "refsource": "OSVDB", + "url": "http://osvdb.org/35500" + }, + { + "name": "4140", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4140" + }, + { + "name": "6226", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6226" + }, + { + "name": "30629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30629" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3686.json b/2008/3xxx/CVE-2008-3686.json index 7da458243ee..54a21e72bab 100644 --- a/2008/3xxx/CVE-2008-3686.json +++ b/2008/3xxx/CVE-2008-3686.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[linux-kernel] 20080807 OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2008/8/7/230" - }, - { - "name" : "[linux-kernel] 20080808 Re: OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", - "refsource" : "MLIST", - "url" : "http://lkml.org/lkml/2008/8/8/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a" - }, - { - "name" : "ADV-2008-2422", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2422" - }, - { - "name" : "31579", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31579" - }, - { - "name" : "linux-kernel-rt6fillnode-dos(44605)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44605" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-kernel-rt6fillnode-dos(44605)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44605" + }, + { + "name": "31579", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31579" + }, + { + "name": "ADV-2008-2422", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2422" + }, + { + "name": "[linux-kernel] 20080807 OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2008/8/7/230" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a" + }, + { + "name": "[linux-kernel] 20080808 Re: OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", + "refsource": "MLIST", + "url": "http://lkml.org/lkml/2008/8/8/7" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4279.json b/2008/4xxx/CVE-2008-4279.json index 65540458edd..8c38485f2df 100644 --- a/2008/4xxx/CVE-2008-4279.json +++ b/2008/4xxx/CVE-2008-4279.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "31569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31569" - }, - { - "name" : "oval:org.mitre.oval:def:5929", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929" - }, - { - "name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020991" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32157", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32157" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "vmware-esxesxi-jump-privilege-escalation(45668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "32157", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32157" + }, + { + "name": "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "vmware-esxesxi-jump-privilege-escalation(45668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668" + }, + { + "name": "31569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31569" + }, + { + "name": "1020991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020991" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:5929", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6015.json b/2008/6xxx/CVE-2008-6015.json index 53cc05abed0..d1a03e44b7c 100644 --- a/2008/6xxx/CVE-2008-6015.json +++ b/2008/6xxx/CVE-2008-6015.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "31721", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31721" - }, - { - "name" : "esfaq-search-sql-injection(44979)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44979" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31721", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31721" + }, + { + "name": "esfaq-search-sql-injection(44979)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44979" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6353.json b/2008/6xxx/CVE-2008-6353.json index 085c3f75177..23c9ed89b0b 100644 --- a/2008/6xxx/CVE-2008-6353.json +++ b/2008/6xxx/CVE-2008-6353.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6353", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6353", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7429", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7429" - }, - { - "name" : "32786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32786" - }, - { - "name" : "33128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33128" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33128" + }, + { + "name": "7429", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7429" + }, + { + "name": "32786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32786" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2005.json b/2013/2xxx/CVE-2013-2005.json index f4a2d095d81..f752c623eb6 100644 --- a/2013/2xxx/CVE-2013-2005.json +++ b/2013/2xxx/CVE-2013-2005.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" - }, - { - "name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", - "refsource" : "CONFIRM", - "url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" - }, - { - "name" : "DSA-2680", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2680" - }, - { - "name" : "FEDORA-2013-9098", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html" - }, - { - "name" : "openSUSE-SU-2013:1008", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html" - }, - { - "name" : "USN-1865-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1865-1" - }, - { - "name" : "60133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2013-9098", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html" + }, + { + "name": "USN-1865-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1865-1" + }, + { + "name": "60133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60133" + }, + { + "name": "openSUSE-SU-2013:1008", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html" + }, + { + "name": "DSA-2680", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2680" + }, + { + "name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/05/23/3" + }, + { + "name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", + "refsource": "CONFIRM", + "url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2540.json b/2013/2xxx/CVE-2013-2540.json index 9c55a69b415..ea9cca49770 100644 --- a/2013/2xxx/CVE-2013-2540.json +++ b/2013/2xxx/CVE-2013-2540.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2540", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-2540", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2733.json b/2013/2xxx/CVE-2013-2733.json index c9fb6b07d81..7b81cf87673 100644 --- a/2013/2xxx/CVE-2013-2733.json +++ b/2013/2xxx/CVE-2013-2733.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2013-2733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" - }, - { - "name" : "GLSA-201308-03", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" - }, - { - "name" : "RHSA-2013:0826", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" - }, - { - "name" : "SUSE-SU-2013:0809", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" - }, - { - "name" : "oval:org.mitre.oval:def:16592", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16592" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html" + }, + { + "name": "SUSE-SU-2013:0809", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" + }, + { + "name": "oval:org.mitre.oval:def:16592", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16592" + }, + { + "name": "RHSA-2013:0826", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html" + }, + { + "name": "GLSA-201308-03", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-03.xml" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11238.json b/2017/11xxx/CVE-2017-11238.json index baa168a739d..83a5e820ccd 100644 --- a/2017/11xxx/CVE-2017-11238.json +++ b/2017/11xxx/CVE-2017-11238.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100184" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100184" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11250.json b/2017/11xxx/CVE-2017-11250.json index 3652f9ed437..249c3322a3a 100644 --- a/2017/11xxx/CVE-2017-11250.json +++ b/2017/11xxx/CVE-2017-11250.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-11250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-11250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", - "refsource" : "MISC", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", + "refsource": "MISC", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11446.json b/2017/11xxx/CVE-2017-11446.json index 3b6ae862f8a..a4ccc331f00 100644 --- a/2017/11xxx/CVE-2017-11446.json +++ b/2017/11xxx/CVE-2017-11446.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/537", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/537" - }, - { - "name" : "DSA-4019", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4019" - }, - { - "name" : "99964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99964" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/537", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/537" + }, + { + "name": "DSA-4019", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4019" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11689.json b/2017/11xxx/CVE-2017-11689.json index 31c079d0a69..2415da1daec 100644 --- a/2017/11xxx/CVE-2017-11689.json +++ b/2017/11xxx/CVE-2017-11689.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11689", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11689", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11928.json b/2017/11xxx/CVE-2017-11928.json index 4562ecec141..74343469178 100644 --- a/2017/11xxx/CVE-2017-11928.json +++ b/2017/11xxx/CVE-2017-11928.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11928", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11928", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14138.json b/2017/14xxx/CVE-2017-14138.json index c14560dc933..793314d2507 100644 --- a/2017/14xxx/CVE-2017-14138.json +++ b/2017/14xxx/CVE-2017-14138.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/639", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/639" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/639", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/639" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14271.json b/2017/14xxx/CVE-2017-14271.json index b2b88eb8ebe..4eba0e442f7 100644 --- a/2017/14xxx/CVE-2017-14271.json +++ b/2017/14xxx/CVE-2017-14271.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14361.json b/2017/14xxx/CVE-2017-14361.json index 1874bcde811..68830afd094 100644 --- a/2017/14xxx/CVE-2017-14361.json +++ b/2017/14xxx/CVE-2017-14361.json @@ -1,89 +1,89 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "DATE_PUBLIC" : "2017-11-17T22:00:00.000Z", - "ID" : "CVE-2017-14361", - "STATE" : "PUBLIC", - "TITLE" : "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Project and Portfolio Management Center", - "version" : { - "version_data" : [ - { - "version_value" : "9.32" - } - ] - } - } - ] - }, - "vendor_name" : "Micro Focus" - } - ] - } - }, - "credit" : [ - "Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com" - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack." - } - ] - }, - "exploit" : "Man-In-The-Middle attack (MitM)", - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 7.4, - "baseSeverity" : "HIGH", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Man-In-The-Middle attack (MitM)" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2017-11-17T22:00:00.000Z", + "ID": "CVE-2017-14361", + "STATE": "PUBLIC", + "TITLE": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Project and Portfolio Management Center", + "version": { + "version_data": [ + { + "version_value": "9.32" + } + ] + } + } + ] + }, + "vendor_name": "Micro Focus" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426", - "refsource" : "CONFIRM", - "url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426" - }, - { - "name" : "1040088", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040088" - } - ] - } -} + } + }, + "credit": [ + "Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com" + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack." + } + ] + }, + "exploit": "Man-In-The-Middle attack (MitM)", + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Man-In-The-Middle attack (MitM)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040088", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040088" + }, + { + "name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426", + "refsource": "CONFIRM", + "url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14368.json b/2017/14xxx/CVE-2017-14368.json index c7499f025d6..91e9fd5c054 100644 --- a/2017/14xxx/CVE-2017-14368.json +++ b/2017/14xxx/CVE-2017-14368.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14368", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14368", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14405.json b/2017/14xxx/CVE-2017-14405.json index 98513f1f3b3..a1c95347608 100644 --- a/2017/14xxx/CVE-2017-14405.json +++ b/2017/14xxx/CVE-2017-14405.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14405", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14405", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html", - "refsource" : "MISC", - "url" : "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html", + "refsource": "MISC", + "url": "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15187.json b/2017/15xxx/CVE-2017-15187.json index 7e4cc798aea..29e3d67ab13 100644 --- a/2017/15xxx/CVE-2017-15187.json +++ b/2017/15xxx/CVE-2017-15187.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15187", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15187", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15878.json b/2017/15xxx/CVE-2017-15878.json index 2ab123e1a1b..c461a6163f3 100644 --- a/2017/15xxx/CVE-2017-15878.json +++ b/2017/15xxx/CVE-2017-15878.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43054", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43054/" - }, - { - "name" : "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/", - "refsource" : "MISC", - "url" : "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/" - }, - { - "name" : "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html" - }, - { - "name" : "https://github.com/keystonejs/keystone/pull/4478", - "refsource" : "CONFIRM", - "url" : "https://github.com/keystonejs/keystone/pull/4478" - }, - { - "name" : "101541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101541" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/keystonejs/keystone/pull/4478", + "refsource": "CONFIRM", + "url": "https://github.com/keystonejs/keystone/pull/4478" + }, + { + "name": "101541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101541" + }, + { + "name": "43054", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43054/" + }, + { + "name": "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/", + "refsource": "MISC", + "url": "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/" + }, + { + "name": "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9315.json b/2017/9xxx/CVE-2017-9315.json index 0cf42164efa..ef294b73925 100644 --- a/2017/9xxx/CVE-2017-9315.json +++ b/2017/9xxx/CVE-2017-9315.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cybersecurity@dahuatech.com", - "DATE_PUBLIC" : "2017-11-10T00:00:00", - "ID" : "CVE-2017-9315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX", - "version" : { - "version_data" : [ - { - "version_value" : "Versions Build between 2015/07 and 2017/03" - } - ] - } - } - ] - }, - "vendor_name" : "Dahua Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "risk of sensitive information leakage" - } + "CVE_data_meta": { + "ASSIGNER": "cybersecurity@dahuatech.com", + "DATE_PUBLIC": "2017-11-10T00:00:00", + "ID": "CVE-2017-9315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX", + "version": { + "version_data": [ + { + "version_value": "Versions Build between 2015/07 and 2017/03" + } + ] + } + } + ] + }, + "vendor_name": "Dahua Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html", - "refsource" : "CONFIRM", - "url" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "risk of sensitive information leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html", + "refsource": "CONFIRM", + "url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9738.json b/2017/9xxx/CVE-2017-9738.json index 36c5073ae03..3cf155851e8 100644 --- a/2017/9xxx/CVE-2017-9738.json +++ b/2017/9xxx/CVE-2017-9738.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9738", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9738", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9888.json b/2017/9xxx/CVE-2017-9888.json index 10e717b33f3..fd2d795c2b4 100644 --- a/2017/9xxx/CVE-2017-9888.json +++ b/2017/9xxx/CVE-2017-9888.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-9888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-9888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888" + } + ] + } +} \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0479.json b/2018/0xxx/CVE-2018-0479.json index 1000f4c3687..18089e6a9e0 100644 --- a/2018/0xxx/CVE-2018-0479.json +++ b/2018/0xxx/CVE-2018-0479.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-0479", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-0479", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000025.json b/2018/1000xxx/CVE-2018-1000025.json index e00050d02c2..cf8316babff 100644 --- a/2018/1000xxx/CVE-2018-1000025.json +++ b/2018/1000xxx/CVE-2018-1000025.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "1/16/2018 9:14:14", - "ID" : "CVE-2018-1000025", - "REQUESTER" : "diego@hernandev.com", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firebase Admin SDK for PHP", - "version" : { - "version_data" : [ - { - "version_value" : "from 3.2.0 to 3.8.0" - } - ] - } - } - ] - }, - "vendor_name" : "Jérôme Gamez" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "1/16/2018 9:14:14", + "ID": "CVE-2018-1000025", + "REQUESTER": "diego@hernandev.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/kreait/firebase-php/pull/151", - "refsource" : "CONFIRM", - "url" : "https://github.com/kreait/firebase-php/pull/151" - }, - { - "name" : "https://github.com/kreait/firebase-php/releases/tag/3.8.1", - "refsource" : "CONFIRM", - "url" : "https://github.com/kreait/firebase-php/releases/tag/3.8.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kreait/firebase-php/releases/tag/3.8.1", + "refsource": "CONFIRM", + "url": "https://github.com/kreait/firebase-php/releases/tag/3.8.1" + }, + { + "name": "https://github.com/kreait/firebase-php/pull/151", + "refsource": "CONFIRM", + "url": "https://github.com/kreait/firebase-php/pull/151" + } + ] + } +} \ No newline at end of file diff --git a/2018/1000xxx/CVE-2018-1000644.json b/2018/1000xxx/CVE-2018-1000644.json index 5be74866ce5..4d1529dded1 100644 --- a/2018/1000xxx/CVE-2018-1000644.json +++ b/2018/1000xxx/CVE-2018-1000644.json @@ -1,70 +1,70 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "kurt@seifried.org", - "DATE_ASSIGNED" : "2018-08-19T17:09:33.137027", - "DATE_REQUESTED" : "2018-08-08T13:07:29", - "ID" : "CVE-2018-1000644", - "REQUESTER" : "sajeeb@0dd.zone", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RDF4j ", - "version" : { - "version_data" : [ - { - "version_value" : "< 2.4.0 Milestone 2" - } - ] - } - } - ] - }, - "vendor_name" : "Eclipse " - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XML External Entity (XXE)" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_ASSIGNED": "2018-08-19T17:09:33.137027", + "DATE_REQUESTED": "2018-08-08T13:07:29", + "ID": "CVE-2018-1000644", + "REQUESTER": "sajeeb@0dd.zone", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://0dd.zone/2018/08/05/rdf4j-XXE/", - "refsource" : "MISC", - "url" : "https://0dd.zone/2018/08/05/rdf4j-XXE/" - }, - { - "name" : "https://github.com/eclipse/rdf4j/issues/1056", - "refsource" : "CONFIRM", - "url" : "https://github.com/eclipse/rdf4j/issues/1056" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/eclipse/rdf4j/issues/1056", + "refsource": "CONFIRM", + "url": "https://github.com/eclipse/rdf4j/issues/1056" + }, + { + "name": "https://0dd.zone/2018/08/05/rdf4j-XXE/", + "refsource": "MISC", + "url": "https://0dd.zone/2018/08/05/rdf4j-XXE/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12167.json b/2018/12xxx/CVE-2018-12167.json index b7c0a788c28..6109086963d 100644 --- a/2018/12xxx/CVE-2018-12167.json +++ b/2018/12xxx/CVE-2018-12167.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-01-08T00:00:00", - "ID" : "CVE-2018-12167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Optane(TM) SSD DC P4800X", - "version" : { - "version_data" : [ - { - "version_value" : "before version E2010435." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-01-08T00:00:00", + "ID": "CVE-2018-12167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Optane(TM) SSD DC P4800X", + "version": { + "version_data": [ + { + "version_value": "before version E2010435." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12181.json b/2018/12xxx/CVE-2018-12181.json index 08f5439eeb0..90f3ca18a38 100644 --- a/2018/12xxx/CVE-2018-12181.json +++ b/2018/12xxx/CVE-2018-12181.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12181", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12181", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12321.json b/2018/12xxx/CVE-2018-12321.json index 1595bbad9e7..82bda0f9626 100644 --- a/2018/12xxx/CVE-2018-12321.json +++ b/2018/12xxx/CVE-2018-12321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d" - }, - { - "name" : "https://github.com/radare/radare2/issues/10296", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/10296" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/10296", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/10296" + }, + { + "name": "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12693.json b/2018/12xxx/CVE-2018-12693.json index b6cd268e0d0..a880e0f3a82 100644 --- a/2018/12xxx/CVE-2018-12693.json +++ b/2018/12xxx/CVE-2018-12693.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12693", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12693", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc", - "refsource" : "MISC", - "url" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc", + "refsource": "MISC", + "url": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12749.json b/2018/12xxx/CVE-2018-12749.json index c867862146a..fb49069e867 100644 --- a/2018/12xxx/CVE-2018-12749.json +++ b/2018/12xxx/CVE-2018-12749.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12749", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12749", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12855.json b/2018/12xxx/CVE-2018-12855.json index 92a36b8125e..e466970f76a 100644 --- a/2018/12xxx/CVE-2018-12855.json +++ b/2018/12xxx/CVE-2018-12855.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Errors" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105437" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105437" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13183.json b/2018/13xxx/CVE-2018-13183.json index e5c56087ee2..26bc9a1c7db 100644 --- a/2018/13xxx/CVE-2018-13183.json +++ b/2018/13xxx/CVE-2018-13183.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13556.json b/2018/13xxx/CVE-2018-13556.json index c5e85586877..aec58de38b0 100644 --- a/2018/13xxx/CVE-2018-13556.json +++ b/2018/13xxx/CVE-2018-13556.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16064.json b/2018/16xxx/CVE-2018-16064.json index 53586a35cb9..1b3193ab6c0 100644 --- a/2018/16xxx/CVE-2018-16064.json +++ b/2018/16xxx/CVE-2018-16064.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16064", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16064", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16598.json b/2018/16xxx/CVE-2018-16598.json index 87e06830ade..3af6ffd2418 100644 --- a/2018/16xxx/CVE-2018-16598.json +++ b/2018/16xxx/CVE-2018-16598.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", - "refsource" : "MISC", - "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" - }, - { - "name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", - "refsource" : "MISC", - "url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" - }, - { - "name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", - "refsource" : "CONFIRM", - "url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", + "refsource": "CONFIRM", + "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" + }, + { + "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", + "refsource": "MISC", + "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" + }, + { + "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", + "refsource": "MISC", + "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16712.json b/2018/16xxx/CVE-2018-16712.json index 558695f6e1f..e0f11ace28e 100644 --- a/2018/16xxx/CVE-2018-16712.json +++ b/2018/16xxx/CVE-2018-16712.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://downwithup.github.io/CVEPosts.html", - "refsource" : "MISC", - "url" : "https://downwithup.github.io/CVEPosts.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://downwithup.github.io/CVEPosts.html", + "refsource": "MISC", + "url": "https://downwithup.github.io/CVEPosts.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16979.json b/2018/16xxx/CVE-2018-16979.json index 40f2cccb509..f5391bac153 100644 --- a/2018/16xxx/CVE-2018-16979.json +++ b/2018/16xxx/CVE-2018-16979.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/howchen/howchen/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/howchen/howchen/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/howchen/howchen/issues/4", + "refsource": "MISC", + "url": "https://github.com/howchen/howchen/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4148.json b/2018/4xxx/CVE-2018-4148.json index 0cf5f09c3ec..10984cc1fc0 100644 --- a/2018/4xxx/CVE-2018-4148.json +++ b/2018/4xxx/CVE-2018-4148.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4148", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. A buffer overflow allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/", - "refsource" : "MISC", - "url" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/" - }, - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "103578", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. A buffer overflow allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "103578", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103578" + }, + { + "name": "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/", + "refsource": "MISC", + "url": "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4211.json b/2018/4xxx/CVE-2018-4211.json index 357ea15764b..b4c99525b53 100644 --- a/2018/4xxx/CVE-2018-4211.json +++ b/2018/4xxx/CVE-2018-4211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208848", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208848" - }, - { - "name" : "https://support.apple.com/HT208849", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208849" - }, - { - "name" : "https://support.apple.com/HT208850", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208850" - }, - { - "name" : "https://support.apple.com/HT208851", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208851" - }, - { - "name" : "1041027", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208850", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208850" + }, + { + "name": "https://support.apple.com/HT208851", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208851" + }, + { + "name": "1041027", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041027" + }, + { + "name": "https://support.apple.com/HT208848", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208848" + }, + { + "name": "https://support.apple.com/HT208849", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208849" + } + ] + } +} \ No newline at end of file