From d62f7b201878c6c24c3787f80722a80edcb21c84 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:51:35 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1039.json | 130 +++++++++--------- 2004/0xxx/CVE-2004-0122.json | 170 +++++++++++------------ 2004/0xxx/CVE-2004-0714.json | 170 +++++++++++------------ 2004/0xxx/CVE-2004-0754.json | 240 ++++++++++++++++----------------- 2004/1xxx/CVE-2004-1063.json | 230 +++++++++++++++---------------- 2004/1xxx/CVE-2004-1445.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1553.json | 220 +++++++++++++++--------------- 2004/2xxx/CVE-2004-2012.json | 160 +++++++++++----------- 2004/2xxx/CVE-2004-2698.json | 190 +++++++++++++------------- 2004/2xxx/CVE-2004-2718.json | 130 +++++++++--------- 2008/2xxx/CVE-2008-2205.json | 160 +++++++++++----------- 2008/2xxx/CVE-2008-2444.json | 150 ++++++++++----------- 2008/2xxx/CVE-2008-2893.json | 150 ++++++++++----------- 2008/3xxx/CVE-2008-3772.json | 150 ++++++++++----------- 2008/6xxx/CVE-2008-6004.json | 130 +++++++++--------- 2008/6xxx/CVE-2008-6173.json | 150 ++++++++++----------- 2008/6xxx/CVE-2008-6736.json | 150 ++++++++++----------- 2008/6xxx/CVE-2008-6898.json | 150 ++++++++++----------- 2008/7xxx/CVE-2008-7244.json | 130 +++++++++--------- 2008/7xxx/CVE-2008-7305.json | 34 ++--- 2012/5xxx/CVE-2012-5311.json | 34 ++--- 2012/5xxx/CVE-2012-5400.json | 34 ++--- 2012/5xxx/CVE-2012-5662.json | 160 +++++++++++----------- 2017/11xxx/CVE-2017-11265.json | 160 +++++++++++----------- 2017/11xxx/CVE-2017-11536.json | 130 +++++++++--------- 2017/11xxx/CVE-2017-11563.json | 130 +++++++++--------- 2017/11xxx/CVE-2017-11759.json | 34 ++--- 2017/14xxx/CVE-2017-14706.json | 140 +++++++++---------- 2017/15xxx/CVE-2017-15189.json | 160 +++++++++++----------- 2017/15xxx/CVE-2017-15524.json | 140 +++++++++---------- 2017/15xxx/CVE-2017-15901.json | 34 ++--- 2017/3xxx/CVE-2017-3822.json | 140 +++++++++---------- 2017/8xxx/CVE-2017-8171.json | 122 ++++++++--------- 2017/8xxx/CVE-2017-8287.json | 150 ++++++++++----------- 2017/8xxx/CVE-2017-8508.json | 130 +++++++++--------- 2018/12xxx/CVE-2018-12000.json | 34 ++--- 2018/12xxx/CVE-2018-12029.json | 150 ++++++++++----------- 2018/12xxx/CVE-2018-12456.json | 120 ++++++++--------- 2018/12xxx/CVE-2018-12478.json | 182 ++++++++++++------------- 2018/12xxx/CVE-2018-12522.json | 130 +++++++++--------- 2018/12xxx/CVE-2018-12756.json | 140 +++++++++---------- 2018/13xxx/CVE-2018-13041.json | 120 ++++++++--------- 2018/13xxx/CVE-2018-13076.json | 120 ++++++++--------- 2018/13xxx/CVE-2018-13622.json | 130 +++++++++--------- 2018/16xxx/CVE-2018-16171.json | 130 +++++++++--------- 2018/16xxx/CVE-2018-16397.json | 120 ++++++++--------- 2018/16xxx/CVE-2018-16634.json | 120 ++++++++--------- 2018/17xxx/CVE-2018-17007.json | 120 ++++++++--------- 2018/17xxx/CVE-2018-17303.json | 34 ++--- 2018/17xxx/CVE-2018-17370.json | 34 ++--- 2018/17xxx/CVE-2018-17850.json | 34 ++--- 2018/18xxx/CVE-2018-18798.json | 53 +++++++- 2018/4xxx/CVE-2018-4914.json | 140 +++++++++---------- 53 files changed, 3406 insertions(+), 3357 deletions(-) diff --git a/2003/1xxx/CVE-2003-1039.json b/2003/1xxx/CVE-2003-1039.json index f4a4017d269..1eab60f3e05 100644 --- a/2003/1xxx/CVE-2003-1039.json +++ b/2003/1xxx/CVE-2003-1039.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", - "refsource" : "MISC", - "url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd" - }, - { - "name" : "mysap-host-header-bo(15513)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15513" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phenoelit.de/stuff/Phenoelit20c3.pd", + "refsource": "MISC", + "url": "http://www.phenoelit.de/stuff/Phenoelit20c3.pd" + }, + { + "name": "mysap-host-header-bo(15513)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15513" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0122.json b/2004/0xxx/CVE-2004-0122.json index b71a31930d8..f49e49b9861 100644 --- a/2004/0xxx/CVE-2004-0122.json +++ b/2004/0xxx/CVE-2004-0122.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-010", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010" - }, - { - "name" : "VU#688094", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/688094" - }, - { - "name" : "9828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9828" - }, - { - "name" : "oval:org.mitre.oval:def:844", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844" - }, - { - "name" : "msn-ms04010-patch(15427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427" - }, - { - "name" : "msn-request-view-files(15415)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9828" + }, + { + "name": "MS04-010", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010" + }, + { + "name": "VU#688094", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/688094" + }, + { + "name": "msn-ms04010-patch(15427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15427" + }, + { + "name": "oval:org.mitre.oval:def:844", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844" + }, + { + "name": "msn-request-view-files(15415)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15415" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0714.json b/2004/0xxx/CVE-2004-0714.json index 92acb9b57fd..4e02b084a90 100644 --- a/2004/0xxx/CVE-2004-0714.json +++ b/2004/0xxx/CVE-2004-0714.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040420 Vulnerabilities in SNMP Message Processing", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml" - }, - { - "name" : "TA04-111B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA04-111B.html" - }, - { - "name" : "VU#162451", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/162451" - }, - { - "name" : "10186", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10186" - }, - { - "name" : "oval:org.mitre.oval:def:5845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5845" - }, - { - "name" : "cisco-ios-snmp-udp-dos(15921)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-ios-snmp-udp-dos(15921)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15921" + }, + { + "name": "VU#162451", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/162451" + }, + { + "name": "TA04-111B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA04-111B.html" + }, + { + "name": "20040420 Vulnerabilities in SNMP Message Processing", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml" + }, + { + "name": "10186", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10186" + }, + { + "name": "oval:org.mitre.oval:def:5845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5845" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0754.json b/2004/0xxx/CVE-2004-0754.json index 22d941c6c18..9f4682d146c 100644 --- a/2004/0xxx/CVE-2004-0754.json +++ b/2004/0xxx/CVE-2004-0754.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0754", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gaim.sourceforge.net/security/?id=2", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/security/?id=2" - }, - { - "name" : "FEDORA-2004-278", - "refsource" : "FEDORA", - "url" : "http://www.fedoranews.org/updates/FEDORA-2004-278.shtml" - }, - { - "name" : "FEDORA-2004-279", - "refsource" : "FEDORA", - "url" : "http://www.fedoranews.org/updates/FEDORA-2004-279.shtml" - }, - { - "name" : "GLSA-200408-27", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml" - }, - { - "name" : "RHSA-2004:400", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-400.html" - }, - { - "name" : "11056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11056" - }, - { - "name" : "9260", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9260" - }, - { - "name" : "oval:org.mitre.oval:def:10220", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10220" - }, - { - "name" : "1011083", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011083" - }, - { - "name" : "12383", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12383" - }, - { - "name" : "12480", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12480" - }, - { - "name" : "13101", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13101" - }, - { - "name" : "gaim-groupware-integer-overflow(17140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10220", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10220" + }, + { + "name": "FEDORA-2004-278", + "refsource": "FEDORA", + "url": "http://www.fedoranews.org/updates/FEDORA-2004-278.shtml" + }, + { + "name": "http://gaim.sourceforge.net/security/?id=2", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/security/?id=2" + }, + { + "name": "12480", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12480" + }, + { + "name": "FEDORA-2004-279", + "refsource": "FEDORA", + "url": "http://www.fedoranews.org/updates/FEDORA-2004-279.shtml" + }, + { + "name": "13101", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13101" + }, + { + "name": "9260", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9260" + }, + { + "name": "GLSA-200408-27", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml" + }, + { + "name": "1011083", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011083" + }, + { + "name": "RHSA-2004:400", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-400.html" + }, + { + "name": "gaim-groupware-integer-overflow(17140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17140" + }, + { + "name": "11056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11056" + }, + { + "name": "12383", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12383" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1063.json b/2004/1xxx/CVE-2004-1063.json index 4621eb91d7b..b6267da9f34 100644 --- a/2004/1xxx/CVE-2004-1063.json +++ b/2004/1xxx/CVE-2004-1063.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1063", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/384545" - }, - { - "name" : "http://www.hardened-php.net/advisories/012004.txt", - "refsource" : "MISC", - "url" : "http://www.hardened-php.net/advisories/012004.txt" - }, - { - "name" : "http://www.php.net/release_4_3_10.php", - "refsource" : "CONFIRM", - "url" : "http://www.php.net/release_4_3_10.php" - }, - { - "name" : "CLA-2005:915", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915" - }, - { - "name" : "GLSA-200412-14", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml" - }, - { - "name" : "HPSBMA01212", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/9028" - }, - { - "name" : "MDKSA-2004:151", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151" - }, - { - "name" : "MDKSA-2005:072", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" - }, - { - "name" : "USN-99-1", - "refsource" : "UBUNTU", - "url" : "https://www.ubuntu.com/usn/usn-99-1/" - }, - { - "name" : "11964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11964" - }, - { - "name" : "12412", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12412" - }, - { - "name" : "php-safemodeexecdir-restriction-bypass(18511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12412", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12412" + }, + { + "name": "MDKSA-2005:072", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" + }, + { + "name": "11964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11964" + }, + { + "name": "php-safemodeexecdir-restriction-bypass(18511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18511" + }, + { + "name": "http://www.php.net/release_4_3_10.php", + "refsource": "CONFIRM", + "url": "http://www.php.net/release_4_3_10.php" + }, + { + "name": "MDKSA-2004:151", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151" + }, + { + "name": "http://www.hardened-php.net/advisories/012004.txt", + "refsource": "MISC", + "url": "http://www.hardened-php.net/advisories/012004.txt" + }, + { + "name": "CLA-2005:915", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915" + }, + { + "name": "GLSA-200412-14", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml" + }, + { + "name": "20041215 Advisory 01/2004: Multiple vulnerabilities in PHP 4/5", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/384545" + }, + { + "name": "HPSBMA01212", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/9028" + }, + { + "name": "USN-99-1", + "refsource": "UBUNTU", + "url": "https://www.ubuntu.com/usn/usn-99-1/" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1445.json b/2004/1xxx/CVE-2004-1445.json index afc09b04f1a..e3d92eb8bba 100644 --- a/2004/1xxx/CVE-2004-1445.json +++ b/2004/1xxx/CVE-2004-1445.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.nessus.org/nessus_2_0.html", - "refsource" : "CONFIRM", - "url" : "http://www.nessus.org/nessus_2_0.html" - }, - { - "name" : "GLSA-200408-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-11.xml" - }, - { - "name" : "12127", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12127/" - }, - { - "name" : "10784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10784" - }, - { - "name" : "nessus-adduser-race-condition(16768)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.nessus.org/nessus_2_0.html", + "refsource": "CONFIRM", + "url": "http://www.nessus.org/nessus_2_0.html" + }, + { + "name": "nessus-adduser-race-condition(16768)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16768" + }, + { + "name": "12127", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12127/" + }, + { + "name": "GLSA-200408-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-11.xml" + }, + { + "name": "10784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10784" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1553.json b/2004/1xxx/CVE-2004-1553.json index 26af342fdd2..27d9acfcac8 100644 --- a/2004/1xxx/CVE-2004-1553.json +++ b/2004/1xxx/CVE-2004-1553.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040923 aspWebCalendar /aspWebAlbum: SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109604910025090&w=2" - }, - { - "name" : "6357", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6357" - }, - { - "name" : "6420", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6420" - }, - { - "name" : "11246", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11246" - }, - { - "name" : "30996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30996" - }, - { - "name" : "47913", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47913" - }, - { - "name" : "47914", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/47914" - }, - { - "name" : "31649", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31649" - }, - { - "name" : "aspwebalbum-sql-injection(17507)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17507" - }, - { - "name" : "aspwebalbum-album-sql-injection(44877)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44877" - }, - { - "name" : "aspwebalbum-image-file-upload(44876)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44876" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11246", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11246" + }, + { + "name": "31649", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31649" + }, + { + "name": "30996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30996" + }, + { + "name": "aspwebalbum-album-sql-injection(44877)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44877" + }, + { + "name": "20040923 aspWebCalendar /aspWebAlbum: SQL injection", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109604910025090&w=2" + }, + { + "name": "6420", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6420" + }, + { + "name": "6357", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6357" + }, + { + "name": "47913", + "refsource": "OSVDB", + "url": "http://osvdb.org/47913" + }, + { + "name": "47914", + "refsource": "OSVDB", + "url": "http://osvdb.org/47914" + }, + { + "name": "aspwebalbum-image-file-upload(44876)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44876" + }, + { + "name": "aspwebalbum-sql-injection(17507)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17507" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2012.json b/2004/2xxx/CVE-2004-2012.json index 1a590fdcb1b..874f2588e3c 100644 --- a/2004/2xxx/CVE-2004-2012.json +++ b/2004/2xxx/CVE-2004-2012.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040510 Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108432258920570&w=2" - }, - { - "name" : "NetBSD-SA2004-007", - "refsource" : "NETBSD", - "url" : "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc" - }, - { - "name" : "10320", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10320" - }, - { - "name" : "11585", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11585" - }, - { - "name" : "systrace-gain-privileges(16110)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040510 Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108432258920570&w=2" + }, + { + "name": "10320", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10320" + }, + { + "name": "systrace-gain-privileges(16110)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16110" + }, + { + "name": "11585", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11585" + }, + { + "name": "NetBSD-SA2004-007", + "refsource": "NETBSD", + "url": "ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-007.txt.asc" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2698.json b/2004/2xxx/CVE-2004-2698.json index 61d0637b6a3..47575a9a5db 100644 --- a/2004/2xxx/CVE-2004-2698.json +++ b/2004/2xxx/CVE-2004-2698.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2698", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2698", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040820 CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0914.html" - }, - { - "name" : "http://www.caughq.org/advisories/CAU-2004-0002.txt", - "refsource" : "MISC", - "url" : "http://www.caughq.org/advisories/CAU-2004-0002.txt" - }, - { - "name" : "http://imwheel.sourceforge.net/files/DEVELOPMENT.txt", - "refsource" : "CONFIRM", - "url" : "http://imwheel.sourceforge.net/files/DEVELOPMENT.txt" - }, - { - "name" : "11008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11008" - }, - { - "name" : "9111", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9111" - }, - { - "name" : "1011049", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011049" - }, - { - "name" : "12349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12349" - }, - { - "name" : "imwheel-race-condition(17082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imwheel-race-condition(17082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17082" + }, + { + "name": "1011049", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011049" + }, + { + "name": "12349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12349" + }, + { + "name": "11008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11008" + }, + { + "name": "http://www.caughq.org/advisories/CAU-2004-0002.txt", + "refsource": "MISC", + "url": "http://www.caughq.org/advisories/CAU-2004-0002.txt" + }, + { + "name": "http://imwheel.sourceforge.net/files/DEVELOPMENT.txt", + "refsource": "CONFIRM", + "url": "http://imwheel.sourceforge.net/files/DEVELOPMENT.txt" + }, + { + "name": "20040820 CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0914.html" + }, + { + "name": "9111", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9111" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2718.json b/2004/2xxx/CVE-2004-2718.json index 9f694968a65..abf4540e874 100644 --- a/2004/2xxx/CVE-2004-2718.json +++ b/2004/2xxx/CVE-2004-2718.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/unixfocus/6D00S0KC0S.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/6D00S0KC0S.html" - }, - { - "name" : "11894", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11894", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11894" + }, + { + "name": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/6D00S0KC0S.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2205.json b/2008/2xxx/CVE-2008-2205.json index bc199968e0a..d0cbf3ea508 100644 --- a/2008/2xxx/CVE-2008-2205.json +++ b/2008/2xxx/CVE-2008-2205.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491590/100/0/threaded" - }, - { - "name" : "29032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29032" - }, - { - "name" : "30066", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30066" - }, - { - "name" : "3884", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3884" - }, - { - "name" : "maian-music-album-sql-injection(42209)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42209" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29032" + }, + { + "name": "3884", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3884" + }, + { + "name": "maian-music-album-sql-injection(42209)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42209" + }, + { + "name": "30066", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30066" + }, + { + "name": "20080503 Maian Music v1.1 Multiple Vulnerabilities (Xss/SQL Injection)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491590/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2444.json b/2008/2xxx/CVE-2008-2444.json index adec082c59f..9a0aa70ba57 100644 --- a/2008/2xxx/CVE-2008-2444.json +++ b/2008/2xxx/CVE-2008-2444.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2444", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2444", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5607", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5607" - }, - { - "name" : "29193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29193" - }, - { - "name" : "30186", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30186" - }, - { - "name" : "calogic-calendars-userreg-sql-injection(42391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5607", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5607" + }, + { + "name": "calogic-calendars-userreg-sql-injection(42391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42391" + }, + { + "name": "29193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29193" + }, + { + "name": "30186", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30186" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2893.json b/2008/2xxx/CVE-2008-2893.json index ca3c1b5fdcf..89ea163aa42 100644 --- a/2008/2xxx/CVE-2008-2893.json +++ b/2008/2xxx/CVE-2008-2893.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5890", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5890" - }, - { - "name" : "29863", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29863" - }, - { - "name" : "30794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30794" - }, - { - "name" : "ajhyip-news-sql-injection(43247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30794" + }, + { + "name": "5890", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5890" + }, + { + "name": "ajhyip-news-sql-injection(43247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43247" + }, + { + "name": "29863", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29863" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3772.json b/2008/3xxx/CVE-2008-3772.json index 6b60d6e5d5a..bafdae20cbf 100644 --- a/2008/3xxx/CVE-2008-3772.json +++ b/2008/3xxx/CVE-2008-3772.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3772", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6279", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6279" - }, - { - "name" : "30779", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30779" - }, - { - "name" : "31571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31571" - }, - { - "name" : "videosharing-categoriesportal-sql-injection(44579)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6279", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6279" + }, + { + "name": "31571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31571" + }, + { + "name": "30779", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30779" + }, + { + "name": "videosharing-categoriesportal-sql-injection(44579)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44579" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6004.json b/2008/6xxx/CVE-2008-6004.json index 65c0df31119..319e786e765 100644 --- a/2008/6xxx/CVE-2008-6004.json +++ b/2008/6xxx/CVE-2008-6004.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6004", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6561", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6561" - }, - { - "name" : "ajauctionpro-search-xss(45431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ajauctionpro-search-xss(45431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45431" + }, + { + "name": "6561", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6561" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6173.json b/2008/6xxx/CVE-2008-6173.json index ab323b0a801..d102742fd2e 100644 --- a/2008/6xxx/CVE-2008-6173.json +++ b/2008/6xxx/CVE-2008-6173.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/31898.html", - "refsource" : "MISC", - "url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/31898.html" - }, - { - "name" : "31898", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31898" - }, - { - "name" : "32399", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32399" - }, - { - "name" : "clipshare-fullscreen-xss(46072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46072" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32399", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32399" + }, + { + "name": "clipshare-fullscreen-xss(46072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46072" + }, + { + "name": "http://downloads.securityfocus.com/vulnerabilities/exploits/31898.html", + "refsource": "MISC", + "url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31898.html" + }, + { + "name": "31898", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31898" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6736.json b/2008/6xxx/CVE-2008-6736.json index 4646ee05cae..c3fb2ef6eb4 100644 --- a/2008/6xxx/CVE-2008-6736.json +++ b/2008/6xxx/CVE-2008-6736.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Flat Calendar v1.1 Remote Permission Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493278/100/0/threaded" - }, - { - "name" : "29662", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29662" - }, - { - "name" : "51506", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51506" - }, - { - "name" : "flatcalendar-add-deleteevent-security-bypass(43039)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43039" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flat Calendar 1.1 does not properly restrict access to administrative functions, which allows remote attackers to (1) add new events via calAdd.php, as reachable from admin/add.php, or (2) delete events via admin/deleteEvent.php. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29662", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29662" + }, + { + "name": "flatcalendar-add-deleteevent-security-bypass(43039)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43039" + }, + { + "name": "20080611 Flat Calendar v1.1 Remote Permission Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493278/100/0/threaded" + }, + { + "name": "51506", + "refsource": "OSVDB", + "url": "http://osvdb.org/51506" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6898.json b/2008/6xxx/CVE-2008-6898.json index 067fa5b85c8..2a207f8d146 100644 --- a/2008/6xxx/CVE-2008-6898.json +++ b/2008/6xxx/CVE-2008-6898.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6898", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6898", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "14195", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/14195" - }, - { - "name" : "7617", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7617" - }, - { - "name" : "33053", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33053" - }, - { - "name" : "sascam-webcamserver-bo(47654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sascam-webcamserver-bo(47654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47654" + }, + { + "name": "33053", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33053" + }, + { + "name": "14195", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/14195" + }, + { + "name": "7617", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7617" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7244.json b/2008/7xxx/CVE-2008-7244.json index 0283b4efbb6..2407bfbdbe1 100644 --- a/2008/7xxx/CVE-2008-7244.json +++ b/2008/7xxx/CVE-2008-7244.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a \"printing DoS attack,\" possibly a related issue to CVE-2009-0821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090908 Re: DoS vulnerability in Google Chrome", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/506328/100/100/threaded" - }, - { - "name" : "http://websecurity.com.ua/2456/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/2456/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a \"printing DoS attack,\" possibly a related issue to CVE-2009-0821." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://websecurity.com.ua/2456/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/2456/" + }, + { + "name": "20090908 Re: DoS vulnerability in Google Chrome", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/506328/100/100/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7305.json b/2008/7xxx/CVE-2008-7305.json index 394818cede2..fed9beaa3c2 100644 --- a/2008/7xxx/CVE-2008-7305.json +++ b/2008/7xxx/CVE-2008-7305.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7305", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7305", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5311.json b/2012/5xxx/CVE-2012-5311.json index fb8fd510efd..5fa0193ebaf 100644 --- a/2012/5xxx/CVE-2012-5311.json +++ b/2012/5xxx/CVE-2012-5311.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5311", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5311", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0227. Reason: This candidate is a duplicate of CVE-2012-0227. Notes: All CVE users should reference CVE-2012-0227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5400.json b/2012/5xxx/CVE-2012-5400.json index 63e9a42e0ea..997aa40df94 100644 --- a/2012/5xxx/CVE-2012-5400.json +++ b/2012/5xxx/CVE-2012-5400.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5400", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5400", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5662.json b/2012/5xxx/CVE-2012-5662.json index 717da3e8038..bca875a1ad5 100644 --- a/2012/5xxx/CVE-2012-5662.json +++ b/2012/5xxx/CVE-2012-5662.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=889373", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=889373" - }, - { - "name" : "91572", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/91572" - }, - { - "name" : "52650", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/52650" - }, - { - "name" : "x3270-cve20125662-spoofing(82984)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52650", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/52650" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=889373", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889373" + }, + { + "name": "91572", + "refsource": "OSVDB", + "url": "http://osvdb.org/91572" + }, + { + "name": "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/projects/x3270/files/x3270/3.3.12ga12/" + }, + { + "name": "x3270-cve20125662-spoofing(82984)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82984" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11265.json b/2017/11xxx/CVE-2017-11265.json index 35335230ead..404c0acc1a0 100644 --- a/2017/11xxx/CVE-2017-11265.json +++ b/2017/11xxx/CVE-2017-11265.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-11265", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2017.009.20058 and earlier" - }, - { - "version_value" : "2017.008.30051 and earlier" - }, - { - "version_value" : "2015.006.30306 and earlier" - }, - { - "version_value" : "11.0.20 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe Systems Incorporated" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-11265", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat Reader", + "version": { + "version_data": [ + { + "version_value": "2017.009.20058 and earlier" + }, + { + "version_value": "2017.008.30051 and earlier" + }, + { + "version_value": "2015.006.30306 and earlier" + }, + { + "version_value": "11.0.20 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Adobe Systems Incorporated" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" - }, - { - "name" : "100184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100184" - }, - { - "name" : "1039098", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100184" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" + }, + { + "name": "1039098", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039098" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11536.json b/2017/11xxx/CVE-2017-11536.json index 117d4d2ccc4..e1e2b0134cf 100644 --- a/2017/11xxx/CVE-2017-11536.json +++ b/2017/11xxx/CVE-2017-11536.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/567", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/567" - }, - { - "name" : "100000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100000" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/567", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/567" + }, + { + "name": "100000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100000" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11563.json b/2017/11xxx/CVE-2017-11563.json index b8f735bd5e7..9200cfd0c8a 100644 --- a/2017/11xxx/CVE-2017-11563.json +++ b/2017/11xxx/CVE-2017-11563.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP \"Discover\" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180821 CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Aug/18" - }, - { - "name" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", - "refsource" : "MISC", - "url" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP \"Discover\" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", + "refsource": "MISC", + "url": "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf" + }, + { + "name": "20180821 CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Aug/18" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11759.json b/2017/11xxx/CVE-2017-11759.json index ffc9df4560a..0d3daeb0298 100644 --- a/2017/11xxx/CVE-2017-11759.json +++ b/2017/11xxx/CVE-2017-11759.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11759", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11759", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14706.json b/2017/14xxx/CVE-2017-14706.json index 02965739d9a..3849b390f57 100644 --- a/2017/14xxx/CVE-2017-14706.json +++ b/2017/14xxx/CVE-2017-14706.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14706", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14706", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/8980", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/8980" - }, - { - "name" : "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/", - "refsource" : "MISC", - "url" : "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/" - }, - { - "name" : "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/", - "refsource" : "MISC", - "url" : "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/rapid7/metasploit-framework/pull/8980", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/8980" + }, + { + "name": "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/", + "refsource": "MISC", + "url": "https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/" + }, + { + "name": "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/", + "refsource": "MISC", + "url": "https://www.denyall.com/blog/advisories/advisory-unauthenticated-remote-code-execution-denyall-web-application-firewall/" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15189.json b/2017/15xxx/CVE-2017-15189.json index e8ff1df8eec..95dd42231ec 100644 --- a/2017/15xxx/CVE-2017-15189.json +++ b/2017/15xxx/CVE-2017-15189.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080" - }, - { - "name" : "https://code.wireshark.org/review/23663", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/23663" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2017-46.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2017-46.html" - }, - { - "name" : "101228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101228" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080" + }, + { + "name": "https://code.wireshark.org/review/23663", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/23663" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2017-46.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2017-46.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15524.json b/2017/15xxx/CVE-2017-15524.json index ef7d63c3df5..f1be2fc3a12 100644 --- a/2017/15xxx/CVE-2017-15524.json +++ b/2017/15xxx/CVE-2017-15524.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15524", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15524", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171214 ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541602/100/0/threaded" - }, - { - "name" : "https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data", - "refsource" : "MISC", - "url" : "https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data" - }, - { - "name" : "https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1", - "refsource" : "CONFIRM", - "url" : "https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1", + "refsource": "CONFIRM", + "url": "https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1" + }, + { + "name": "https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data", + "refsource": "MISC", + "url": "https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data" + }, + { + "name": "20171214 ADVISORY - Kemp Load Balancers - Module Application Firewall Pack (AFP) - Web Application Firewall (WAF) does not inspect HTTP POST data - CVE-2017-15524", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541602/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15901.json b/2017/15xxx/CVE-2017-15901.json index 97d78be91eb..c3466b261ea 100644 --- a/2017/15xxx/CVE-2017-15901.json +++ b/2017/15xxx/CVE-2017-15901.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15901", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15901", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3822.json b/2017/3xxx/CVE-2017-3822.json index 7844e18d0b2..4d2e0e9377a 100644 --- a/2017/3xxx/CVE-2017-3822.json +++ b/2017/3xxx/CVE-2017-3822.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower Threat Defense Software versions 6.1.x", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower Threat Defense Software versions 6.1.x" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "add arbitrary entries to the audit log" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower Threat Defense Software versions 6.1.x", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower Threat Defense Software versions 6.1.x" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2" - }, - { - "name" : "95944", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95944" - }, - { - "name" : "1037775", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "add arbitrary entries to the audit log" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2" + }, + { + "name": "1037775", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037775" + }, + { + "name": "95944", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95944" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8171.json b/2017/8xxx/CVE-2017-8171.json index 2d12bf9dea2..d7df6b31714 100644 --- a/2017/8xxx/CVE-2017-8171.json +++ b/2017/8xxx/CVE-2017-8171.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vicky-AL00A", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than Vicky-AL00AC00B172D versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "FRP Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vicky-AL00A", + "version": { + "version_data": [ + { + "version_value": "Earlier than Vicky-AL00AC00B172D versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei smart phones with software earlier than Vicky-AL00AC00B172D versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Talkback mode and can perform some operations to bypass the Google account verification. As a result, the FRP function is bypassed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "FRP Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-frpbypass-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8287.json b/2017/8xxx/CVE-2017-8287.json index 93acdf018f7..194b60dbff4 100644 --- a/2017/8xxx/CVE-2017-8287.json +++ b/2017/8xxx/CVE-2017-8287.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8287", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8287", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0", - "refsource" : "MISC", - "url" : "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0" - }, - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941" - }, - { - "name" : "DSA-3839", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3839" - }, - { - "name" : "GLSA-201706-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-14" + }, + { + "name": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0", + "refsource": "MISC", + "url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0" + }, + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=941" + }, + { + "name": "DSA-3839", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3839" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8508.json b/2017/8xxx/CVE-2017-8508.json index b1505f49f54..e47073b1904 100644 --- a/2017/8xxx/CVE-2017-8508.json +++ b/2017/8xxx/CVE-2017-8508.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka \"Microsoft Office Security Feature Bypass Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508" - }, - { - "name" : "98828", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98828" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka \"Microsoft Office Security Feature Bypass Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98828", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98828" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8508" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12000.json b/2018/12xxx/CVE-2018-12000.json index d17d592e103..7373c2681d8 100644 --- a/2018/12xxx/CVE-2018-12000.json +++ b/2018/12xxx/CVE-2018-12000.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12000", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12000", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12029.json b/2018/12xxx/CVE-2018-12029.json index cfb40f7a004..2614b7628a3 100644 --- a/2018/12xxx/CVE-2018-12029.json +++ b/2018/12xxx/CVE-2018-12029.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html" - }, - { - "name" : "https://blog.phusion.nl/passenger-5-3-2", - "refsource" : "MISC", - "url" : "https://blog.phusion.nl/passenger-5-3-2" - }, - { - "name" : "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc", - "refsource" : "MISC", - "url" : "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc" - }, - { - "name" : "GLSA-201807-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201807-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.phusion.nl/passenger-5-3-2", + "refsource": "MISC", + "url": "https://blog.phusion.nl/passenger-5-3-2" + }, + { + "name": "GLSA-201807-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201807-02" + }, + { + "name": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc", + "refsource": "MISC", + "url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc" + }, + { + "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12456.json b/2018/12xxx/CVE-2018-12456.json index 86a3ec4fed3..cd1f501473b 100644 --- a/2018/12xxx/CVE-2018-12456.json +++ b/2018/12xxx/CVE-2018-12456.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12456", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12456", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181008 Multiple vulnerabilities in NPLUG wireless repeater", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Oct/18" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181008 Multiple vulnerabilities in NPLUG wireless repeater", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Oct/18" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12478.json b/2018/12xxx/CVE-2018-12478.json index e83c94165a3..aa5268be79b 100644 --- a/2018/12xxx/CVE-2018-12478.json +++ b/2018/12xxx/CVE-2018-12478.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@suse.de", - "DATE_PUBLIC" : "2018-09-26T00:00:00.000Z", - "ID" : "CVE-2018-12478", - "STATE" : "PUBLIC", - "TITLE" : "obs-service-replace_using_package_version allows to specify arbitrary input files " - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Open Build Service", - "version" : { - "version_data" : [ - { - "affected" : "<", - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "openSUSE" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Matthias Gerstner of SUSE" - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "NONE", - "baseScore" : 4.8, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "NONE", - "privilegesRequired" : "LOW", - "scope" : "UNCHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2018-09-26T00:00:00.000Z", + "ID": "CVE-2018-12478", + "STATE": "PUBLIC", + "TITLE": "obs-service-replace_using_package_version allows to specify arbitrary input files " + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Open Build Service", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1108280", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1108280" - } - ] - }, - "source" : { - "defect" : [ - "https://bugzilla.suse.com/show_bug.cgi?id=1108280" - ], - "discovery" : "INTERNAL" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1108280", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1108280" + } + ] + }, + "source": { + "defect": [ + "https://bugzilla.suse.com/show_bug.cgi?id=1108280" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12522.json b/2018/12xxx/CVE-2018-12522.json index 445f00bef6b..b8a3534d11d 100644 --- a/2018/12xxx/CVE-2018-12522.json +++ b/2018/12xxx/CVE-2018-12522.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12522", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12522", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44910", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44910/" - }, - { - "name" : "https://pastebin.com/eA5tGKf0", - "refsource" : "MISC", - "url" : "https://pastebin.com/eA5tGKf0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/eA5tGKf0", + "refsource": "MISC", + "url": "https://pastebin.com/eA5tGKf0" + }, + { + "name": "44910", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44910/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12756.json b/2018/12xxx/CVE-2018-12756.json index dd017418e65..c91d57701df 100644 --- a/2018/12xxx/CVE-2018-12756.json +++ b/2018/12xxx/CVE-2018-12756.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12756", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13041.json b/2018/13xxx/CVE-2018-13041.json index 5028f2e7a9a..2e4ab4627d4 100644 --- a/2018/13xxx/CVE-2018-13041.json +++ b/2018/13xxx/CVE-2018-13041.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/dwfault/AirTokens/blob/master/Link_Platform__LNK_/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13076.json b/2018/13xxx/CVE-2018-13076.json index efe217a92e6..2c73e6efc55 100644 --- a/2018/13xxx/CVE-2018-13076.json +++ b/2018/13xxx/CVE-2018-13076.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/Betcash/Betcash.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13622.json b/2018/13xxx/CVE-2018-13622.json index 390910e746c..201f9839885 100644 --- a/2018/13xxx/CVE-2018-13622.json +++ b/2018/13xxx/CVE-2018-13622.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13622", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16171.json b/2018/16xxx/CVE-2018-16171.json index 8211d671a17..6f0cd41d050 100644 --- a/2018/16xxx/CVE-2018-16171.json +++ b/2018/16xxx/CVE-2018-16171.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16171", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Remote Service", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 3.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16171", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Remote Service", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 3.1.8" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.cybozu.support/article/35259/", - "refsource" : "MISC", - "url" : "https://kb.cybozu.support/article/35259/" - }, - { - "name" : "JVN#23161885", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN23161885/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Cybozu Remote Service 3.0.0 to 3.1.8 allows remote attackers to execute Java code file on the server via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.cybozu.support/article/35259/", + "refsource": "MISC", + "url": "https://kb.cybozu.support/article/35259/" + }, + { + "name": "JVN#23161885", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN23161885/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16397.json b/2018/16xxx/CVE-2018-16397.json index 952e7c470cb..3c902def37a 100644 --- a/2018/16xxx/CVE-2018-16397.json +++ b/2018/16xxx/CVE-2018-16397.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In LimeSurvey before 3.14.7, an admin user can leverage a \"file upload\" question to read an arbitrary file," - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51", - "refsource" : "MISC", - "url" : "https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LimeSurvey before 3.14.7, an admin user can leverage a \"file upload\" question to read an arbitrary file," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51", + "refsource": "MISC", + "url": "https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16634.json b/2018/16xxx/CVE-2018-16634.json index 314a139ef30..59afc1b7ae0 100644 --- a/2018/16xxx/CVE-2018-16634.json +++ b/2018/16xxx/CVE-2018-16634.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pluck v4.7.7 allows CSRF via admin.php?action=settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16634/blob/master/PLUCK_CSRF.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16634/blob/master/PLUCK_CSRF.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pluck v4.7.7 allows CSRF via admin.php?action=settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-16634/blob/master/PLUCK_CSRF.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16634/blob/master/PLUCK_CSRF.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17007.json b/2018/17xxx/CVE-2018-17007.json index e374fdec03b..c562a9e7caa 100644 --- a/2018/17xxx/CVE-2018-17007.json +++ b/2018/17xxx/CVE-2018-17007.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_03/README.md", - "refsource" : "MISC", - "url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_03/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for wireless wlan_wds_2g ssid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_03/README.md", + "refsource": "MISC", + "url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_03/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17303.json b/2018/17xxx/CVE-2018-17303.json index 440742fdafa..210c490cad6 100644 --- a/2018/17xxx/CVE-2018-17303.json +++ b/2018/17xxx/CVE-2018-17303.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17303", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17303", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17370.json b/2018/17xxx/CVE-2018-17370.json index 51a49f5d944..b935b9dd2e8 100644 --- a/2018/17xxx/CVE-2018-17370.json +++ b/2018/17xxx/CVE-2018-17370.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17370", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17370", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17850.json b/2018/17xxx/CVE-2018-17850.json index a9fb93bba06..9801bbd1a0f 100644 --- a/2018/17xxx/CVE-2018-17850.json +++ b/2018/17xxx/CVE-2018-17850.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17850", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/18xxx/CVE-2018-18798.json b/2018/18xxx/CVE-2018-18798.json index baaf98a6358..2ce8df83092 100644 --- a/2018/18xxx/CVE-2018-18798.json +++ b/2018/18xxx/CVE-2018-18798.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18798", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "School Attendance Monitoring System 1.0 has SQL Injection via user/controller.php?action=edit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/150010/School-Attendance-Monitoring-System-1.0-SQL-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/150010/School-Attendance-Monitoring-System-1.0-SQL-Injection.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "45727", + "url": "https://www.exploit-db.com/exploits/45727/" } ] } diff --git a/2018/4xxx/CVE-2018-4914.json b/2018/4xxx/CVE-2018-4914.json index b47c4f439ec..c0edc2bbbcb 100644 --- a/2018/4xxx/CVE-2018-4914.json +++ b/2018/4xxx/CVE-2018-4914.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4914", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4914", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file