diff --git a/2003/0xxx/CVE-2003-0433.json b/2003/0xxx/CVE-2003-0433.json
index df8a6be8c5e..71d3af6691e 100644
--- a/2003/0xxx/CVE-2003-0433.json
+++ b/2003/0xxx/CVE-2003-0433.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0433",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0433",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-315",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2003/dsa-315"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-315",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2003/dsa-315"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0526.json b/2003/0xxx/CVE-2003-0526.json
index 573b79ac357..d31929dfd65 100644
--- a/2003/0xxx/CVE-2003-0526.json
+++ b/2003/0xxx/CVE-2003-0526.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0526",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0526",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030716 ISA Server - Error Page Cross Site Scripting",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105838862201266&w=2"
- },
- {
- "name" : "20030716 ISA Server - Error Page Cross Site Scripting",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html"
- },
- {
- "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105838519729525&w=2"
- },
- {
- "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2"
- },
- {
- "name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html"
- },
- {
- "name" : "http://pivx.com/larholm/adv/TL006",
- "refsource" : "MISC",
- "url" : "http://pivx.com/larholm/adv/TL006"
- },
- {
- "name" : "MS03-028",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028"
- },
- {
- "name" : "oval:org.mitre.oval:def:117",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2"
+ },
+ {
+ "name": "20030716 ISA Server - Error Page Cross Site Scripting",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105838862201266&w=2"
+ },
+ {
+ "name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:117",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117"
+ },
+ {
+ "name": "MS03-028",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028"
+ },
+ {
+ "name": "20030716 ISA Server - Error Page Cross Site Scripting",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html"
+ },
+ {
+ "name": "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105838519729525&w=2"
+ },
+ {
+ "name": "http://pivx.com/larholm/adv/TL006",
+ "refsource": "MISC",
+ "url": "http://pivx.com/larholm/adv/TL006"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0585.json b/2003/0xxx/CVE-2003-0585.json
index 3c362e776ed..4c56185dec0 100644
--- a/2003/0xxx/CVE-2003-0585.json
+++ b/2003/0xxx/CVE-2003-0585.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0585",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0585",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0804.json b/2003/0xxx/CVE-2003-0804.json
index f25b305e268..fddb2b46171 100644
--- a/2003/0xxx/CVE-2003-0804.json
+++ b/2003/0xxx/CVE-2003-0804.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0804",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0804",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "FreeBSD-SA-03:14",
- "refsource" : "FREEBSD",
- "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
- },
- {
- "name" : "http://docs.info.apple.com/article.html?artnum=61798",
- "refsource" : "CONFIRM",
- "url" : "http://docs.info.apple.com/article.html?artnum=61798"
- },
- {
- "name" : "20040502-01-P",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20040502-01-P",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc"
+ },
+ {
+ "name": "FreeBSD-SA-03:14",
+ "refsource": "FREEBSD",
+ "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
+ },
+ {
+ "name": "http://docs.info.apple.com/article.html?artnum=61798",
+ "refsource": "CONFIRM",
+ "url": "http://docs.info.apple.com/article.html?artnum=61798"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1332.json b/2003/1xxx/CVE-2003-1332.json
index c674aa5d540..e32d3875ce7 100644
--- a/2003/1xxx/CVE-2003-1332.json
+++ b/2003/1xxx/CVE-2003-1332.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1332",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1332",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
- "refsource" : "MISC",
- "url" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html"
- },
- {
- "name" : "RHSA-2003:096",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html"
- },
- {
- "name" : "samba-reply-nttrans-bo(12749)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2003:096",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2003-096.html"
+ },
+ {
+ "name": "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
+ "refsource": "MISC",
+ "url": "http://www.securiteam.com/exploits/5TP0M2AAKS.html"
+ },
+ {
+ "name": "samba-reply-nttrans-bo(12749)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0412.json b/2004/0xxx/CVE-2004-0412.json
index 14664eb870c..0df93c43c68 100644
--- a/2004/0xxx/CVE-2004-0412.json
+++ b/2004/0xxx/CVE-2004-0412.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-0412",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-0412",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5",
- "refsource" : "MLIST",
- "url" : "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html"
- },
- {
- "name" : "CLA-2004:842",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"
- },
- {
- "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559"
- },
- {
- "name" : "FEDORA-2004-1734",
- "refsource" : "FEDORA",
- "url" : "http://marc.info/?l=bugtraq&m=109034869927955&w=2"
- },
- {
- "name" : "GLSA-200406-04",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200406-04.xml"
- },
- {
- "name" : "MDKSA-2004:051",
- "refsource" : "MANDRAKE",
- "url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051"
- },
- {
- "name" : "10412",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/10412"
- },
- {
- "name" : "11701",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/11701"
- },
- {
- "name" : "mailman-obtain-password(16256)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "10412",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/10412"
+ },
+ {
+ "name": "GLSA-200406-04",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200406-04.xml"
+ },
+ {
+ "name": "11701",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/11701"
+ },
+ {
+ "name": "mailman-obtain-password(16256)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16256"
+ },
+ {
+ "name": "MDKSA-2004:051",
+ "refsource": "MANDRAKE",
+ "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:051"
+ },
+ {
+ "name": "FEDORA-2004-1734",
+ "refsource": "FEDORA",
+ "url": "http://marc.info/?l=bugtraq&m=109034869927955&w=2"
+ },
+ {
+ "name": "CLA-2004:842",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123559"
+ },
+ {
+ "name": "[Mailman-Announce] 20040515 RELEASED Mailman 2.1.5",
+ "refsource": "MLIST",
+ "url": "http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/0xxx/CVE-2004-0881.json b/2004/0xxx/CVE-2004-0881.json
index 41ec781a5c2..cff21cb4124 100644
--- a/2004/0xxx/CVE-2004-0881.json
+++ b/2004/0xxx/CVE-2004-0881.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-0881",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-0881",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20040919 Local root compromise possible with getmail",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=109571883130372&w=2"
- },
- {
- "name" : "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
- "refsource" : "CONFIRM",
- "url" : "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
- },
- {
- "name" : "DSA-553",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2004/dsa-553"
- },
- {
- "name" : "GLSA-200409-32",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200409-32.xml"
- },
- {
- "name" : "getmail-maildir-race-condition(17439)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20040919 Local root compromise possible with getmail",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=109571883130372&w=2"
+ },
+ {
+ "name": "DSA-553",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2004/dsa-553"
+ },
+ {
+ "name": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG",
+ "refsource": "CONFIRM",
+ "url": "http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG"
+ },
+ {
+ "name": "GLSA-200409-32",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200409-32.xml"
+ },
+ {
+ "name": "getmail-maildir-race-condition(17439)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17439"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/1xxx/CVE-2004-1071.json b/2004/1xxx/CVE-2004-1071.json
index 375182daa73..b994c5d30a1 100644
--- a/2004/1xxx/CVE-2004-1071.json
+++ b/2004/1xxx/CVE-2004-1071.json
@@ -1,152 +1,152 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-1071",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-1071",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt",
- "refsource" : "MISC",
- "url" : "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt"
- },
- {
- "name" : "DSA-1070",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1070"
- },
- {
- "name" : "DSA-1067",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1067"
- },
- {
- "name" : "DSA-1069",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1069"
- },
- {
- "name" : "DSA-1082",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1082"
- },
- {
- "name" : "FLSA:2336",
- "refsource" : "FEDORA",
- "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
- },
- {
- "name" : "MDKSA-2005:022",
- "refsource" : "MANDRAKE",
- "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
- },
- {
- "name" : "RHSA-2004:537",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html"
- },
- {
- "name" : "RHSA-2004:504",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html"
- },
- {
- "name" : "RHSA-2004:505",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html"
- },
- {
- "name" : "20060402-01-U",
- "refsource" : "SGI",
- "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
- },
- {
- "name" : "11646",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/11646"
- },
- {
- "name" : "oval:org.mitre.oval:def:9917",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9917"
- },
- {
- "name" : "20162",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20162"
- },
- {
- "name" : "20163",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20163"
- },
- {
- "name" : "20202",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20202"
- },
- {
- "name" : "20338",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/20338"
- },
- {
- "name" : "19607",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/19607"
- },
- {
- "name" : "linux-elf-setuid-gain-privileges(18025)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18025"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20163",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20163"
+ },
+ {
+ "name": "DSA-1082",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1082"
+ },
+ {
+ "name": "MDKSA-2005:022",
+ "refsource": "MANDRAKE",
+ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
+ },
+ {
+ "name": "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt",
+ "refsource": "MISC",
+ "url": "http://www.isec.pl/vulnerabilities/isec-0017-binfmt_elf.txt"
+ },
+ {
+ "name": "FLSA:2336",
+ "refsource": "FEDORA",
+ "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
+ },
+ {
+ "name": "19607",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/19607"
+ },
+ {
+ "name": "DSA-1070",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1070"
+ },
+ {
+ "name": "RHSA-2004:537",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
+ },
+ {
+ "name": "20162",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20162"
+ },
+ {
+ "name": "linux-elf-setuid-gain-privileges(18025)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18025"
+ },
+ {
+ "name": "DSA-1067",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1067"
+ },
+ {
+ "name": "11646",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/11646"
+ },
+ {
+ "name": "DSA-1069",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1069"
+ },
+ {
+ "name": "20060402-01-U",
+ "refsource": "SGI",
+ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
+ },
+ {
+ "name": "RHSA-2004:505",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
+ },
+ {
+ "name": "20202",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20202"
+ },
+ {
+ "name": "RHSA-2004:504",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:9917",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9917"
+ },
+ {
+ "name": "20338",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/20338"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/1xxx/CVE-2004-1148.json b/2004/1xxx/CVE-2004-1148.json
index 34c2682b97f..2c302711529 100644
--- a/2004/1xxx/CVE-2004-1148.json
+++ b/2004/1xxx/CVE-2004-1148.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-1148",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-1148",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20041213 Multiple vulnerabilities in phpMyAdmin",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=110295781828323&w=2"
- },
- {
- "name" : "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html",
- "refsource" : "MISC",
- "url" : "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html"
- },
- {
- "name" : "phpmyadmin-command-execute(18441)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18441"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "phpmyadmin-command-execute(18441)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18441"
+ },
+ {
+ "name": "20041213 Multiple vulnerabilities in phpMyAdmin",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=110295781828323&w=2"
+ },
+ {
+ "name": "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html",
+ "refsource": "MISC",
+ "url": "http://www.exaprobe.com/labs/advisories/esa-2004-1213.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/2xxx/CVE-2004-2306.json b/2004/2xxx/CVE-2004-2306.json
index 0c0d99f20b4..aebdfea3f90 100644
--- a/2004/2xxx/CVE-2004-2306.json
+++ b/2004/2xxx/CVE-2004-2306.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-2306",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-2306",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "57483",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57483-1"
- },
- {
- "name" : "O-070",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/o-070.shtml"
- },
- {
- "name" : "13724",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/13724"
- },
- {
- "name" : "solaris-bsm-sunwscpu-weak-security(15042)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15042"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "13724",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/13724"
+ },
+ {
+ "name": "solaris-bsm-sunwscpu-weak-security(15042)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15042"
+ },
+ {
+ "name": "O-070",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/o-070.shtml"
+ },
+ {
+ "name": "57483",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57483-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/2xxx/CVE-2004-2316.json b/2004/2xxx/CVE-2004-2316.json
index 536035b8896..b26fe5dd326 100644
--- a/2004/2xxx/CVE-2004-2316.json
+++ b/2004/2xxx/CVE-2004-2316.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-2316",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-2316",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "9494",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/9494"
- },
- {
- "name" : "10710",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/10710/"
- },
- {
- "name" : "mbedthis-multiple-dos(14926)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14926"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "9494",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/9494"
+ },
+ {
+ "name": "10710",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/10710/"
+ },
+ {
+ "name": "mbedthis-multiple-dos(14926)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14926"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2004/2xxx/CVE-2004-2660.json b/2004/2xxx/CVE-2004-2660.json
index 0ce9dd9af60..f8e56800862 100644
--- a/2004/2xxx/CVE-2004-2660.json
+++ b/2004/2xxx/CVE-2004-2660.json
@@ -1,107 +1,107 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2004-2660",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2004-2660",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA",
- "refsource" : "CONFIRM",
- "url" : "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA"
- },
- {
- "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10",
- "refsource" : "CONFIRM",
- "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10"
- },
- {
- "name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
- "refsource" : "CONFIRM",
- "url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
- },
- {
- "name" : "DSA-1184",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2006/dsa-1184"
- },
- {
- "name" : "RHSA-2006:0617",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
- },
- {
- "name" : "19665",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/19665"
- },
- {
- "name" : "oval:org.mitre.oval:def:10165",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165"
- },
- {
- "name" : "21605",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/21605"
- },
- {
- "name" : "22093",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22093"
- },
- {
- "name" : "22174",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/22174"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:10165",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10165"
+ },
+ {
+ "name": "RHSA-2006:0617",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2006-0617.html"
+ },
+ {
+ "name": "21605",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/21605"
+ },
+ {
+ "name": "22174",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22174"
+ },
+ {
+ "name": "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA",
+ "refsource": "CONFIRM",
+ "url": "http://linux.bkbits.net:8080/linux-2.6/cset@4182a613oVsK0-8eCWpyYFrUf8rhLA"
+ },
+ {
+ "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10",
+ "refsource": "CONFIRM",
+ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10"
+ },
+ {
+ "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm",
+ "refsource": "CONFIRM",
+ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm"
+ },
+ {
+ "name": "19665",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/19665"
+ },
+ {
+ "name": "22093",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/22093"
+ },
+ {
+ "name": "DSA-1184",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2006/dsa-1184"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2197.json b/2008/2xxx/CVE-2008-2197.json
index e0e85388763..27c6f792b78 100644
--- a/2008/2xxx/CVE-2008-2197.json
+++ b/2008/2xxx/CVE-2008-2197.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2197",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-2197",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "5548",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5548"
- },
- {
- "name" : "29061",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29061"
- },
- {
- "name" : "30085",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30085"
- },
- {
- "name" : "blogwriter-historymonth-sql-injection(42220)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42220"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "blogwriter-historymonth-sql-injection(42220)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42220"
+ },
+ {
+ "name": "30085",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30085"
+ },
+ {
+ "name": "29061",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29061"
+ },
+ {
+ "name": "5548",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5548"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2615.json b/2008/2xxx/CVE-2008-2615.json
index 83bdeec1fb8..35e4df63194 100644
--- a/2008/2xxx/CVE-2008-2615.json
+++ b/2008/2xxx/CVE-2008-2615.json
@@ -1,102 +1,102 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2615",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-2615",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
- },
- {
- "name" : "HPSBMA02133",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
- },
- {
- "name" : "SSRT061201",
- "refsource" : "HP",
- "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
- },
- {
- "name" : "ADV-2008-2115",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2115"
- },
- {
- "name" : "ADV-2008-2109",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2109/references"
- },
- {
- "name" : "1020497",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1020497"
- },
- {
- "name" : "31113",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31113"
- },
- {
- "name" : "31087",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31087"
- },
- {
- "name" : "oracle-peoplesoft-peoptools-priv-escalation1(43816)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43816"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
+ },
+ {
+ "name": "ADV-2008-2115",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2115"
+ },
+ {
+ "name": "SSRT061201",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
+ },
+ {
+ "name": "1020497",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1020497"
+ },
+ {
+ "name": "HPSBMA02133",
+ "refsource": "HP",
+ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
+ },
+ {
+ "name": "ADV-2008-2109",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2109/references"
+ },
+ {
+ "name": "oracle-peoplesoft-peoptools-priv-escalation1(43816)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43816"
+ },
+ {
+ "name": "31087",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31087"
+ },
+ {
+ "name": "31113",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31113"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2726.json b/2008/2xxx/CVE-2008-2726.json
index 75a367e4f45..1271d919c65 100644
--- a/2008/2xxx/CVE-2008-2726.json
+++ b/2008/2xxx/CVE-2008-2726.json
@@ -1,272 +1,272 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2726",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2008-2726",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080626 rPSA-2008-0206-1 ruby",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
- },
- {
- "name" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
- "refsource" : "MISC",
- "url" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
- },
- {
- "name" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
- "refsource" : "MISC",
- "url" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
- },
- {
- "name" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
- "refsource" : "MISC",
- "url" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
- },
- {
- "name" : "http://www.ruby-forum.com/topic/157034",
- "refsource" : "MISC",
- "url" : "http://www.ruby-forum.com/topic/157034"
- },
- {
- "name" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
- "refsource" : "MISC",
- "url" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
- },
- {
- "name" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
- "refsource" : "MISC",
- "url" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
- },
- {
- "name" : "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
- "refsource" : "MLIST",
- "url" : "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
- },
- {
- "name" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
- "refsource" : "CONFIRM",
- "url" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
- },
- {
- "name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460",
- "refsource" : "CONFIRM",
- "url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460"
- },
- {
- "name" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
- "refsource" : "CONFIRM",
- "url" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
- },
- {
- "name" : "http://support.apple.com/kb/HT2163",
- "refsource" : "CONFIRM",
- "url" : "http://support.apple.com/kb/HT2163"
- },
- {
- "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
- "refsource" : "CONFIRM",
- "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
- },
- {
- "name" : "https://issues.rpath.com/browse/RPL-2626",
- "refsource" : "CONFIRM",
- "url" : "https://issues.rpath.com/browse/RPL-2626"
- },
- {
- "name" : "APPLE-SA-2008-06-30",
- "refsource" : "APPLE",
- "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
- },
- {
- "name" : "DSA-1612",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1612"
- },
- {
- "name" : "DSA-1618",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2008/dsa-1618"
- },
- {
- "name" : "FEDORA-2008-5649",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
- },
- {
- "name" : "GLSA-200812-17",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml"
- },
- {
- "name" : "MDVSA-2008:140",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
- },
- {
- "name" : "MDVSA-2008:141",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
- },
- {
- "name" : "MDVSA-2008:142",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
- },
- {
- "name" : "RHSA-2008:0561",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
- },
- {
- "name" : "SSA:2008-179-01",
- "refsource" : "SLACKWARE",
- "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
- },
- {
- "name" : "SUSE-SR:2008:017",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
- },
- {
- "name" : "USN-621-1",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-621-1"
- },
- {
- "name" : "29903",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29903"
- },
- {
- "name" : "oval:org.mitre.oval:def:9959",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959"
- },
- {
- "name" : "ADV-2008-1907",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/1907/references"
- },
- {
- "name" : "ADV-2008-1981",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/1981/references"
- },
- {
- "name" : "1020347",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1020347"
- },
- {
- "name" : "30831",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30831"
- },
- {
- "name" : "30802",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30802"
- },
- {
- "name" : "31062",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31062"
- },
- {
- "name" : "31090",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31090"
- },
- {
- "name" : "31181",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31181"
- },
- {
- "name" : "31256",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31256"
- },
- {
- "name" : "31687",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/31687"
- },
- {
- "name" : "30867",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30867"
- },
- {
- "name" : "30875",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30875"
- },
- {
- "name" : "30894",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30894"
- },
- {
- "name" : "33178",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/33178"
- },
- {
- "name" : "ruby-rbarysplice-begrlen-code-execution(43351)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "SUSE-SR:2008:017",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
+ },
+ {
+ "name": "http://support.apple.com/kb/HT2163",
+ "refsource": "CONFIRM",
+ "url": "http://support.apple.com/kb/HT2163"
+ },
+ {
+ "name": "31090",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31090"
+ },
+ {
+ "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
+ "refsource": "MISC",
+ "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
+ },
+ {
+ "name": "MDVSA-2008:141",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
+ },
+ {
+ "name": "30875",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30875"
+ },
+ {
+ "name": "ADV-2008-1981",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/1981/references"
+ },
+ {
+ "name": "ruby-rbarysplice-begrlen-code-execution(43351)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351"
+ },
+ {
+ "name": "ADV-2008-1907",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/1907/references"
+ },
+ {
+ "name": "DSA-1618",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1618"
+ },
+ {
+ "name": "31687",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31687"
+ },
+ {
+ "name": "30894",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30894"
+ },
+ {
+ "name": "31062",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31062"
+ },
+ {
+ "name": "31256",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31256"
+ },
+ {
+ "name": "20080626 rPSA-2008-0206-1 ruby",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
+ },
+ {
+ "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
+ "refsource": "MISC",
+ "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
+ },
+ {
+ "name": "SSA:2008-179-01",
+ "refsource": "SLACKWARE",
+ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
+ },
+ {
+ "name": "APPLE-SA-2008-06-30",
+ "refsource": "APPLE",
+ "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
+ },
+ {
+ "name": "1020347",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1020347"
+ },
+ {
+ "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
+ "refsource": "MISC",
+ "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
+ },
+ {
+ "name": "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
+ "refsource": "MLIST",
+ "url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
+ },
+ {
+ "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
+ "refsource": "CONFIRM",
+ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
+ },
+ {
+ "name": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
+ "refsource": "CONFIRM",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
+ },
+ {
+ "name": "FEDORA-2008-5649",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
+ },
+ {
+ "name": "MDVSA-2008:140",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
+ },
+ {
+ "name": "30802",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30802"
+ },
+ {
+ "name": "30831",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30831"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:9959",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959"
+ },
+ {
+ "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460",
+ "refsource": "CONFIRM",
+ "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460"
+ },
+ {
+ "name": "RHSA-2008:0561",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
+ },
+ {
+ "name": "https://issues.rpath.com/browse/RPL-2626",
+ "refsource": "CONFIRM",
+ "url": "https://issues.rpath.com/browse/RPL-2626"
+ },
+ {
+ "name": "DSA-1612",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2008/dsa-1612"
+ },
+ {
+ "name": "GLSA-200812-17",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
+ },
+ {
+ "name": "33178",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/33178"
+ },
+ {
+ "name": "29903",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29903"
+ },
+ {
+ "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
+ "refsource": "MISC",
+ "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
+ },
+ {
+ "name": "30867",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30867"
+ },
+ {
+ "name": "MDVSA-2008:142",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
+ },
+ {
+ "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
+ "refsource": "CONFIRM",
+ "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
+ },
+ {
+ "name": "http://www.ruby-forum.com/topic/157034",
+ "refsource": "MISC",
+ "url": "http://www.ruby-forum.com/topic/157034"
+ },
+ {
+ "name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
+ "refsource": "MISC",
+ "url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
+ },
+ {
+ "name": "USN-621-1",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-621-1"
+ },
+ {
+ "name": "31181",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/31181"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6056.json b/2008/6xxx/CVE-2008-6056.json
index ef6dbca0939..9ec937fd4e8 100644
--- a/2008/6xxx/CVE-2008-6056.json
+++ b/2008/6xxx/CVE-2008-6056.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6056",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6056",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20081215 Multiple XSS Vulnerabilities in World Recipe 2.11",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/499217/100/0/threaded"
- },
- {
- "name" : "32837",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/32837"
- },
- {
- "name" : "worldrecipe-multiple-xss(47366)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47366"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in World Recipe 2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to emailrecipe.aspx, (2) id parameter to recipedetail.aspx, and the (3) catid parameter to validatefieldlength.aspx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "32837",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/32837"
+ },
+ {
+ "name": "20081215 Multiple XSS Vulnerabilities in World Recipe 2.11",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/499217/100/0/threaded"
+ },
+ {
+ "name": "worldrecipe-multiple-xss(47366)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47366"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6927.json b/2008/6xxx/CVE-2008-6927.json
index d9fc023b88b..948203e1f61 100644
--- a/2008/6xxx/CVE-2008-6927.json
+++ b/2008/6xxx/CVE-2008-6927.json
@@ -1,97 +1,97 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6927",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6927",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
- },
- {
- "name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/498519"
- },
- {
- "name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/498526"
- },
- {
- "name" : "6897",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/6897"
- },
- {
- "name" : "http://www.netenberg.com/forum/index.php?topic=6832",
- "refsource" : "MISC",
- "url" : "http://www.netenberg.com/forum/index.php?topic=6832"
- },
- {
- "name" : "49518",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/49518"
- },
- {
- "name" : "32423",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/32423"
- },
- {
- "name" : "cpanel-autoinstall-xss(46253)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/498526"
+ },
+ {
+ "name": "6897",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/6897"
+ },
+ {
+ "name": "49518",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/49518"
+ },
+ {
+ "name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/498519"
+ },
+ {
+ "name": "32423",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32423"
+ },
+ {
+ "name": "http://www.netenberg.com/forum/index.php?topic=6832",
+ "refsource": "MISC",
+ "url": "http://www.netenberg.com/forum/index.php?topic=6832"
+ },
+ {
+ "name": "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
+ },
+ {
+ "name": "cpanel-autoinstall-xss(46253)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1698.json b/2012/1xxx/CVE-2012-1698.json
index 399925c3ead..5c8dc775429 100644
--- a/2012/1xxx/CVE-2012-1698.json
+++ b/2012/1xxx/CVE-2012-1698.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1698",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-1698",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
- },
- {
- "name" : "MDVSA-2013:150",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
- },
- {
- "name" : "53128",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53128"
- },
- {
- "name" : "1026940",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026940"
- },
- {
- "name" : "48809",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48809"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "53128",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53128"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
+ },
+ {
+ "name": "1026940",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026940"
+ },
+ {
+ "name": "MDVSA-2013:150",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
+ },
+ {
+ "name": "48809",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48809"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1726.json b/2012/1xxx/CVE-2012-1726.json
index 4f77fef501f..0e9774e501f 100644
--- a/2012/1xxx/CVE-2012-1726.json
+++ b/2012/1xxx/CVE-2012-1726.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1726",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2012-1726",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
- },
- {
- "name" : "GLSA-201406-32",
- "refsource" : "GENTOO",
- "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
- },
- {
- "name" : "HPSBUX02805",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
- },
- {
- "name" : "SSRT100919",
- "refsource" : "HP",
- "url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
- },
- {
- "name" : "SUSE-SU-2012:1231",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
- },
- {
- "name" : "53948",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/53948"
- },
- {
- "name" : "oval:org.mitre.oval:def:16699",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16699"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "GLSA-201406-32",
+ "refsource": "GENTOO",
+ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
+ },
+ {
+ "name": "SUSE-SU-2012:1231",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
+ },
+ {
+ "name": "SSRT100919",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:16699",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16699"
+ },
+ {
+ "name": "53948",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/53948"
+ },
+ {
+ "name": "HPSBUX02805",
+ "refsource": "HP",
+ "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1838.json b/2012/1xxx/CVE-2012-1838.json
index b4b0d3ff02a..2b02d6dace3 100644
--- a/2012/1xxx/CVE-2012-1838.json
+++ b/2012/1xxx/CVE-2012-1838.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1838",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1838",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "VU#523027",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/523027"
- },
- {
- "name" : "80370",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80370"
- },
- {
- "name" : "lgnortel-switch-info-disclosure(74237)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74237"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "VU#523027",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/523027"
+ },
+ {
+ "name": "80370",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80370"
+ },
+ {
+ "name": "lgnortel-switch-info-disclosure(74237)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74237"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5629.json b/2012/5xxx/CVE-2012-5629.json
index 67a8cec0fd7..f907aac0e62 100644
--- a/2012/5xxx/CVE-2012-5629.json
+++ b/2012/5xxx/CVE-2012-5629.json
@@ -1,107 +1,107 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5629",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-5629",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
- "refsource" : "MISC",
- "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
- },
- {
- "name" : "RHSA-2013:0229",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
- },
- {
- "name" : "RHSA-2013:0230",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
- },
- {
- "name" : "RHSA-2013:0231",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
- },
- {
- "name" : "RHSA-2013:0232",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
- },
- {
- "name" : "RHSA-2013:0233",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
- },
- {
- "name" : "RHSA-2013:0234",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
- },
- {
- "name" : "RHSA-2013:0248",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
- },
- {
- "name" : "RHSA-2013:0586",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
- },
- {
- "name" : "RHSA-2013:0533",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "RHSA-2013:0234",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0234.html"
+ },
+ {
+ "name": "RHSA-2013:0586",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0586.html"
+ },
+ {
+ "name": "RHSA-2013:0248",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0248.html"
+ },
+ {
+ "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569",
+ "refsource": "MISC",
+ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=885569"
+ },
+ {
+ "name": "RHSA-2013:0229",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0229.html"
+ },
+ {
+ "name": "RHSA-2013:0230",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0230.html"
+ },
+ {
+ "name": "RHSA-2013:0232",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0232.html"
+ },
+ {
+ "name": "RHSA-2013:0533",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
+ },
+ {
+ "name": "RHSA-2013:0231",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0231.html"
+ },
+ {
+ "name": "RHSA-2013:0233",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2013-0233.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5848.json b/2012/5xxx/CVE-2012-5848.json
index efea3d59a68..95d6f5a843a 100644
--- a/2012/5xxx/CVE-2012-5848.json
+++ b/2012/5xxx/CVE-2012-5848.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5848",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2012-5848",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5876.json b/2012/5xxx/CVE-2012-5876.json
index 2f5234938f2..5562e2442f3 100644
--- a/2012/5xxx/CVE-2012-5876.json
+++ b/2012/5xxx/CVE-2012-5876.json
@@ -1,92 +1,92 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5876",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-5876",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html"
- },
- {
- "name" : "24022",
- "refsource" : "EXPLOIT-DB",
- "url" : "http://www.exploit-db.com/exploits/24022"
- },
- {
- "name" : "https://www.htbridge.com/advisory/HTB23130",
- "refsource" : "MISC",
- "url" : "https://www.htbridge.com/advisory/HTB23130"
- },
- {
- "name" : "57253",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/57253"
- },
- {
- "name" : "89149",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/89149"
- },
- {
- "name" : "89150",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/89150"
- },
- {
- "name" : "mediahome-nmmediaserver-dos(81103)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81103"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "mediahome-nmmediaserver-dos(81103)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81103"
+ },
+ {
+ "name": "89150",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/89150"
+ },
+ {
+ "name": "57253",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/57253"
+ },
+ {
+ "name": "20130109 Nero MediaHome Multiple Remote DoS Vulnerabilities",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html"
+ },
+ {
+ "name": "89149",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/89149"
+ },
+ {
+ "name": "https://www.htbridge.com/advisory/HTB23130",
+ "refsource": "MISC",
+ "url": "https://www.htbridge.com/advisory/HTB23130"
+ },
+ {
+ "name": "24022",
+ "refsource": "EXPLOIT-DB",
+ "url": "http://www.exploit-db.com/exploits/24022"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11091.json b/2017/11xxx/CVE-2017-11091.json
index 609ceacce15..439bef9ccd3 100644
--- a/2017/11xxx/CVE-2017-11091.json
+++ b/2017/11xxx/CVE-2017-11091.json
@@ -1,63 +1,63 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "product-security@qualcomm.com",
- "DATE_PUBLIC" : "2017-11-01T00:00:00",
- "ID" : "CVE-2017-11091",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
- "version" : {
- "version_data" : [
- {
- "version_value" : "All Android releases from CAF using the Linux kernel"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Qualcomm, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use After Free in Display"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "product-security@qualcomm.com",
+ "DATE_PUBLIC": "2017-11-01T00:00:00",
+ "ID": "CVE-2017-11091",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "All Android releases from CAF using the Linux kernel"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Qualcomm, Inc."
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
- "refsource" : "CONFIRM",
- "url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the function mdss_rotator_ioctl in the driver /dev/mdss_rotator, a Use-After-Free condition can potentially occur due to a fence being installed too early."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free in Display"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
+ "refsource": "CONFIRM",
+ "url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11105.json b/2017/11xxx/CVE-2017-11105.json
index a3d55b25486..18bf28ab31e 100644
--- a/2017/11xxx/CVE-2017-11105.json
+++ b/2017/11xxx/CVE-2017-11105.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-11105",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-11105",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://alephsecurity.com/vulns/aleph-2017026",
- "refsource" : "MISC",
- "url" : "https://alephsecurity.com/vulns/aleph-2017026"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://alephsecurity.com/vulns/aleph-2017026",
+ "refsource": "MISC",
+ "url": "https://alephsecurity.com/vulns/aleph-2017026"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11307.json b/2017/11xxx/CVE-2017-11307.json
index 26c9c282855..604c147bdde 100644
--- a/2017/11xxx/CVE-2017-11307.json
+++ b/2017/11xxx/CVE-2017-11307.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2017-11307",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out-of-bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2017-11307",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
- "refsource" : "MISC",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
+ "refsource": "MISC",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/15xxx/CVE-2017-15521.json b/2017/15xxx/CVE-2017-15521.json
index 59ef316e029..be5c3f1d893 100644
--- a/2017/15xxx/CVE-2017-15521.json
+++ b/2017/15xxx/CVE-2017-15521.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-15521",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-15521",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3119.json b/2017/3xxx/CVE-2017-3119.json
index 1e89d1bebb6..b0242276629 100644
--- a/2017/3xxx/CVE-2017-3119.json
+++ b/2017/3xxx/CVE-2017-3119.json
@@ -1,82 +1,82 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "DATE_PUBLIC" : "2017-08-08T00:00:00",
- "ID" : "CVE-2017-3119",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Acrobat Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "2017.009.20058 and earlier"
- },
- {
- "version_value" : "2017.008.30051 and earlier"
- },
- {
- "version_value" : "2015.006.30306 and earlier"
- },
- {
- "version_value" : "11.0.20 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Adobe Systems Incorporated"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Memory Corruption"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "DATE_PUBLIC": "2017-08-08T00:00:00",
+ "ID": "CVE-2017-3119",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Acrobat Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2017.009.20058 and earlier"
+ },
+ {
+ "version_value": "2017.008.30051 and earlier"
+ },
+ {
+ "version_value": "2015.006.30306 and earlier"
+ },
+ {
+ "version_value": "11.0.20 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe Systems Incorporated"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
- },
- {
- "name" : "100179",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100179"
- },
- {
- "name" : "1039098",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039098"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Memory Corruption"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
+ },
+ {
+ "name": "1039098",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039098"
+ },
+ {
+ "name": "100179",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100179"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3156.json b/2017/3xxx/CVE-2017-3156.json
index 22252206f72..6dbba425291 100644
--- a/2017/3xxx/CVE-2017-3156.json
+++ b/2017/3xxx/CVE-2017-3156.json
@@ -1,76 +1,76 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security@apache.org",
- "DATE_PUBLIC" : "2017-02-20T00:00:00",
- "ID" : "CVE-2017-3156",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Apache CXF",
- "version" : {
- "version_data" : [
- {
- "version_value" : "prior to 3.0.13"
- },
- {
- "version_value" : "3.1.x prior to 3.1.10"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Apache Software Foundation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Timing attack"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security@apache.org",
+ "DATE_PUBLIC": "2017-02-20T00:00:00",
+ "ID": "CVE-2017-3156",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache CXF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "prior to 3.0.13"
+ },
+ {
+ "version_value": "3.1.x prior to 3.1.10"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Apache Software Foundation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
- "refsource" : "CONFIRM",
- "url" : "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
- },
- {
- "name" : "RHSA-2017:1832",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2017:1832"
- },
- {
- "name" : "96398",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/96398"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Timing attack"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "96398",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/96398"
+ },
+ {
+ "name": "RHSA-2017:1832",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2017:1832"
+ },
+ {
+ "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc",
+ "refsource": "CONFIRM",
+ "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/3xxx/CVE-2017-3538.json b/2017/3xxx/CVE-2017-3538.json
index 47a4faa57f6..19644decd39 100644
--- a/2017/3xxx/CVE-2017-3538.json
+++ b/2017/3xxx/CVE-2017-3538.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secalert_us@oracle.com",
- "ID" : "CVE-2017-3538",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Oracle VM VirtualBox",
- "version" : {
- "version_data" : [
- {
- "version_affected" : "<",
- "version_value" : "5.0.34"
- },
- {
- "version_affected" : "<",
- "version_value" : "5.1.16"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Oracle Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2017-3538",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Oracle VM VirtualBox",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_value": "5.0.34"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "5.1.16"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Oracle Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
- },
- {
- "name" : "97698",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/97698"
- },
- {
- "name" : "1038288",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1038288"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
+ },
+ {
+ "name": "1038288",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1038288"
+ },
+ {
+ "name": "97698",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/97698"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8550.json b/2017/8xxx/CVE-2017-8550.json
index c50e829648c..19469f008d4 100644
--- a/2017/8xxx/CVE-2017-8550.json
+++ b/2017/8xxx/CVE-2017-8550.json
@@ -1,72 +1,72 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "ID" : "CVE-2017-8550",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Skype for Business",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Microsoft Office 2016 Click-to-Run (C2R)"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka \"Skype for Business Remote Code Execution Vulnerability\"."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2017-8550",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Skype for Business",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Microsoft Office 2016 Click-to-Run (C2R)"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "42316",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/42316/"
- },
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550"
- },
- {
- "name" : "98916",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98916"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka \"Skype for Business Remote Code Execution Vulnerability\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8550"
+ },
+ {
+ "name": "42316",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/42316/"
+ },
+ {
+ "name": "98916",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98916"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8617.json b/2017/8xxx/CVE-2017-8617.json
index f64b359865c..3333e6a1268 100644
--- a/2017/8xxx/CVE-2017-8617.json
+++ b/2017/8xxx/CVE-2017-8617.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "DATE_PUBLIC" : "2017-07-11T00:00:00",
- "ID" : "CVE-2017-8617",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Windows 10 1703",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Microsoft Edge"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "DATE_PUBLIC": "2017-07-11T00:00:00",
+ "ID": "CVE-2017-8617",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Windows 10 1703",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Microsoft Edge"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617"
- },
- {
- "name" : "99422",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99422"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99422",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99422"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8617"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8658.json b/2017/8xxx/CVE-2017-8658.json
index 7e4ba8bc8d3..3a7822d4e45 100644
--- a/2017/8xxx/CVE-2017-8658.json
+++ b/2017/8xxx/CVE-2017-8658.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@microsoft.com",
- "DATE_PUBLIC" : "2017-08-10T00:00:00",
- "ID" : "CVE-2017-8658",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "ChakraCore",
- "version" : {
- "version_data" : [
- {
- "version_value" : "ChakraCore V1.7.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Microsoft Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "DATE_PUBLIC": "2017-08-10T00:00:00",
+ "ID": "CVE-2017-8658",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ChakraCore",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ChakraCore V1.7.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Microsoft Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
- "refsource" : "CONFIRM",
- "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
- },
- {
- "name" : "100036",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100036"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\"."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "100036",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100036"
+ },
+ {
+ "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658",
+ "refsource": "CONFIRM",
+ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8658"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8773.json b/2017/8xxx/CVE-2017-8773.json
index 62af501deb7..c76fcec0dac 100644
--- a/2017/8xxx/CVE-2017-8773.json
+++ b/2017/8xxx/CVE-2017-8773.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-8773",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-8773",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/",
- "refsource" : "MISC",
- "url" : "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This vulnerability can be exploited to gain Remote Code Execution as well as Privilege Escalation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/",
+ "refsource": "MISC",
+ "url": "http://payatu.com/oob-write-heap-buffer-dwcompressionsize-ms-wim/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/8xxx/CVE-2017-8957.json b/2017/8xxx/CVE-2017-8957.json
index e5d21d7521a..f4ee47d75fd 100644
--- a/2017/8xxx/CVE-2017-8957.json
+++ b/2017/8xxx/CVE-2017-8957.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "security-alert@hpe.com",
- "DATE_PUBLIC" : "2017-07-22T00:00:00",
- "ID" : "CVE-2017-8957",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intelligent Management Center (iMC) PLAT",
- "version" : {
- "version_data" : [
- {
- "version_value" : "PLAT 7.2"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Hewlett Packard Enterprise"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "security-alert@hpe.com",
+ "DATE_PUBLIC": "2017-07-22T00:00:00",
+ "ID": "CVE-2017-8957",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intelligent Management Center (iMC) PLAT",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "PLAT 7.2"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Hewlett Packard Enterprise"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us",
- "refsource" : "CONFIRM",
- "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us"
- },
- {
- "name" : "99925",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/99925"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "99925",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/99925"
+ },
+ {
+ "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us",
+ "refsource": "CONFIRM",
+ "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03764en_us"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10404.json b/2018/10xxx/CVE-2018-10404.json
index 8bfb018a244..af519d73e8e 100644
--- a/2018/10xxx/CVE-2018-10404.json
+++ b/2018/10xxx/CVE-2018-10404.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10404",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10404",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
- "refsource" : "MISC",
- "url" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/",
+ "refsource": "MISC",
+ "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10897.json b/2018/10xxx/CVE-2018-10897.json
index 7a2f22318f2..3281d432e46 100644
--- a/2018/10xxx/CVE-2018-10897.json
+++ b/2018/10xxx/CVE-2018-10897.json
@@ -1,112 +1,112 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psampaio@redhat.com",
- "ID" : "CVE-2018-10897",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "yum-utils:",
- "version" : {
- "version_data" : [
- {
- "version_value" : "1.1.31"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "The RPM Project"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
- }
- ]
- },
- "impact" : {
- "cvss" : [
- [
- {
- "vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "version" : "3.0"
- }
- ]
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-59"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2018-10897",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "yum-utils:",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "1.1.31"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "The RPM Project"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
- },
- {
- "name" : "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
- },
- {
- "name" : "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
- },
- {
- "name" : "https://github.com/rpm-software-management/yum-utils/pull/43",
- "refsource" : "CONFIRM",
- "url" : "https://github.com/rpm-software-management/yum-utils/pull/43"
- },
- {
- "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
- "refsource" : "CONFIRM",
- "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
- },
- {
- "name" : "RHSA-2018:2284",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2284"
- },
- {
- "name" : "RHSA-2018:2285",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2285"
- },
- {
- "name" : "RHSA-2018:2626",
- "refsource" : "REDHAT",
- "url" : "https://access.redhat.com/errata/RHSA-2018:2626"
- },
- {
- "name" : "1041594",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1041594"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected."
+ }
+ ]
+ },
+ "impact": {
+ "cvss": [
+ [
+ {
+ "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-59"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1041594",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1041594"
+ },
+ {
+ "name": "RHSA-2018:2285",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2285"
+ },
+ {
+ "name": "RHSA-2018:2284",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2284"
+ },
+ {
+ "name": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/rpm-software-management/yum-utils/commit/6a8de061f8fdc885e74ebe8c94625bf53643b71c"
+ },
+ {
+ "name": "RHSA-2018:2626",
+ "refsource": "REDHAT",
+ "url": "https://access.redhat.com/errata/RHSA-2018:2626"
+ },
+ {
+ "name": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/rpm-software-management/yum-utils/commit/7554c0133eb830a71dc01846037cc047d0acbc2c"
+ },
+ {
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10897"
+ },
+ {
+ "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
+ "refsource": "CONFIRM",
+ "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
+ },
+ {
+ "name": "https://github.com/rpm-software-management/yum-utils/pull/43",
+ "refsource": "CONFIRM",
+ "url": "https://github.com/rpm-software-management/yum-utils/pull/43"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12203.json b/2018/12xxx/CVE-2018-12203.json
index 96f98ed1970..651fe2c846f 100644
--- a/2018/12xxx/CVE-2018-12203.json
+++ b/2018/12xxx/CVE-2018-12203.json
@@ -1,63 +1,63 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "secure@intel.com",
- "DATE_PUBLIC" : "2019-03-12T00:00:00",
- "ID" : "CVE-2018-12203",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Intel Platform Sample / Silicon Reference firmware",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Multiple versions."
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Intel Corporation"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Escalation of privilege"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@intel.com",
+ "DATE_PUBLIC": "2019-03-12T00:00:00",
+ "ID": "CVE-2018-12203",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Intel Platform Sample / Silicon Reference firmware",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Multiple versions."
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Intel Corporation"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
- "refsource" : "CONFIRM",
- "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Escalation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
+ "refsource": "CONFIRM",
+ "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12498.json b/2018/12xxx/CVE-2018-12498.json
index 86ce5f883b3..80fe7898e68 100644
--- a/2018/12xxx/CVE-2018-12498.json
+++ b/2018/12xxx/CVE-2018-12498.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12498",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12498",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/idreamsoft/iCMS/issues/26",
- "refsource" : "MISC",
- "url" : "https://github.com/idreamsoft/iCMS/issues/26"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/idreamsoft/iCMS/issues/26",
+ "refsource": "MISC",
+ "url": "https://github.com/idreamsoft/iCMS/issues/26"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12815.json b/2018/12xxx/CVE-2018-12815.json
index 20816c66ab1..e86a4aaf988 100644
--- a/2018/12xxx/CVE-2018-12815.json
+++ b/2018/12xxx/CVE-2018-12815.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-12815",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use-after-free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-12815",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
- },
- {
- "name" : "105536",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105536"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use-after-free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
+ },
+ {
+ "name": "105536",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105536"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13148.json b/2018/13xxx/CVE-2018-13148.json
index 6262329f069..097b381fadb 100644
--- a/2018/13xxx/CVE-2018-13148.json
+++ b/2018/13xxx/CVE-2018-13148.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13148",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13148",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13459.json b/2018/13xxx/CVE-2018-13459.json
index b91608589f4..20883b0cef5 100644
--- a/2018/13xxx/CVE-2018-13459.json
+++ b/2018/13xxx/CVE-2018-13459.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13459",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13459",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13632.json b/2018/13xxx/CVE-2018-13632.json
index 34faa45849d..63a217b5505 100644
--- a/2018/13xxx/CVE-2018-13632.json
+++ b/2018/13xxx/CVE-2018-13632.json
@@ -1,67 +1,67 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13632",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13632",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for NEXPARA, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NEXPARA"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13820.json b/2018/13xxx/CVE-2018-13820.json
index 9520b22fca1..bd2071eee88 100644
--- a/2018/13xxx/CVE-2018-13820.json
+++ b/2018/13xxx/CVE-2018-13820.json
@@ -1,68 +1,68 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "vuln@ca.com",
- "DATE_PUBLIC" : "2018-08-29T00:00:00",
- "ID" : "CVE-2018-13820",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Unified Infrastructure Management",
- "version" : {
- "version_data" : [
- {
- "version_value" : "8.5.1, 8.5, 8.4.7"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "CA Technologies"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Use of Hard-coded Password"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vuln@ca.com",
+ "DATE_PUBLIC": "2018-08-29T00:00:00",
+ "ID": "CVE-2018-13820",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Unified Infrastructure Management",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5.1, 8.5, 8.4.7"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "CA Technologies"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
- "refsource" : "CONFIRM",
- "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
- },
- {
- "name" : "105199",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105199"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use of Hard-coded Password"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "105199",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105199"
+ },
+ {
+ "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html",
+ "refsource": "CONFIRM",
+ "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180829-02--security-notice-for-ca-unified-infrastructure-mgt.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17339.json b/2018/17xxx/CVE-2018-17339.json
index ded8a85c3d0..5f51184ac96 100644
--- a/2018/17xxx/CVE-2018-17339.json
+++ b/2018/17xxx/CVE-2018-17339.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17339",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17339",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17561.json b/2018/17xxx/CVE-2018-17561.json
index 79496e98222..f8b95e10893 100644
--- a/2018/17xxx/CVE-2018-17561.json
+++ b/2018/17xxx/CVE-2018-17561.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17561",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17561",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17846.json b/2018/17xxx/CVE-2018-17846.json
index fe8e63db419..31d13ddddc1 100644
--- a/2018/17xxx/CVE-2018-17846.json
+++ b/2018/17xxx/CVE-2018-17846.json
@@ -1,62 +1,62 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17846",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17846",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/golang/go/issues/27842",
- "refsource" : "MISC",
- "url" : "https://github.com/golang/go/issues/27842"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The html package (aka x/net/html) through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/golang/go/issues/27842",
+ "refsource": "MISC",
+ "url": "https://github.com/golang/go/issues/27842"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17862.json b/2018/17xxx/CVE-2018-17862.json
index 12948331580..d8e0886595a 100644
--- a/2018/17xxx/CVE-2018-17862.json
+++ b/2018/17xxx/CVE-2018-17862.json
@@ -1,18 +1,18 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17862",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17862",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17872.json b/2018/17xxx/CVE-2018-17872.json
index 3f59f074424..25e07ea298c 100644
--- a/2018/17xxx/CVE-2018-17872.json
+++ b/2018/17xxx/CVE-2018-17872.json
@@ -1,77 +1,77 @@
{
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17872",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17872",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
- "refsource" : "BUGTRAQ",
- "url" : "https://seclists.org/bugtraq/2018/Oct/13"
- },
- {
- "name" : "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
- },
- {
- "name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt",
- "refsource" : "MISC",
- "url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
- },
- {
- "name" : "https://releases.verba.com/?v=9.2",
- "refsource" : "CONFIRM",
- "url" : "https://releases.verba.com/?v=9.2"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Verba Collaboration Compliance and Quality Management Platform before 9.2.1.5545 has Insecure Permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt",
+ "refsource": "MISC",
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-024.txt"
+ },
+ {
+ "name": "20181002 [SYSS-2018-024] Privilege Escalation in Verint Verba Collaboration Compliance and Quality Management Platform (CVE-2018-17872)",
+ "refsource": "BUGTRAQ",
+ "url": "https://seclists.org/bugtraq/2018/Oct/13"
+ },
+ {
+ "name": "https://releases.verba.com/?v=9.2",
+ "refsource": "CONFIRM",
+ "url": "https://releases.verba.com/?v=9.2"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/149652/Collaboration-Compliance-And-Quality-Management-Platform-9.1.1.5482-Improper-Access-Control.html"
+ }
+ ]
+ }
+}
\ No newline at end of file