diff --git a/2004/0xxx/CVE-2004-0060.json b/2004/0xxx/CVE-2004-0060.json index 374f9911be2..4355aa634ed 100644 --- a/2004/0xxx/CVE-2004-0060.json +++ b/2004/0xxx/CVE-2004-0060.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107411794303201&w=2" - }, - { - "name" : "1008779", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008779" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107411794303201&w=2" + }, + { + "name": "1008779", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008779" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0263.json b/2004/0xxx/CVE-2004-0263.json index b3ea2ce9a7b..54e533c26ce 100644 --- a/2004/0xxx/CVE-2004-0263.json +++ b/2004/0xxx/CVE-2004-0263.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0263", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0263", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200402-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200402-01.xml" - }, - { - "name" : "9599", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9599" - }, - { - "name" : "php-virtualhost-info-disclosure(15072)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15072" - }, - { - "name" : "3878", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3878", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3878" + }, + { + "name": "9599", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9599" + }, + { + "name": "php-virtualhost-info-disclosure(15072)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15072" + }, + { + "name": "GLSA-200402-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200402-01.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0271.json b/2004/0xxx/CVE-2004-0271.json index 525505b853e..cd20b1b35ab 100644 --- a/2004/0xxx/CVE-2004-0271.json +++ b/2004/0xxx/CVE-2004-0271.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107643014606515&w=2" - }, - { - "name" : "9625", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9625" - }, - { - "name" : "maxwebportal-multiple-xss(15120)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15120" - }, - { - "name" : "maxwebportal-register-xss(15122)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15122" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040210 XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107643014606515&w=2" + }, + { + "name": "9625", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9625" + }, + { + "name": "maxwebportal-register-xss(15122)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15122" + }, + { + "name": "maxwebportal-multiple-xss(15120)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15120" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0458.json b/2004/0xxx/CVE-2004-0458.json index 134d6547bd2..8991260ff75 100644 --- a/2004/0xxx/CVE-2004-0458.json +++ b/2004/0xxx/CVE-2004-0458.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-503", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-503" - }, - { - "name" : "10343", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10343" - }, - { - "name" : "mah-jong-null-dos(16143)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16143" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10343", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10343" + }, + { + "name": "mah-jong-null-dos(16143)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16143" + }, + { + "name": "DSA-503", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-503" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0707.json b/2004/0xxx/CVE-2004-0707.json index 3261c9fe843..4ad08c417d9 100644 --- a/2004/0xxx/CVE-2004-0707.json +++ b/2004/0xxx/CVE-2004-0707.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108965446813639&w=2" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=244272", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=244272" - }, - { - "name" : "bugzilla-editusers-sql-injection(16668)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16668" - }, - { - "name" : "10698", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10698" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=244272", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=244272" + }, + { + "name": "10698", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10698" + }, + { + "name": "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2" + }, + { + "name": "bugzilla-editusers-sql-injection(16668)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16668" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0895.json b/2004/0xxx/CVE-2004-0895.json index 4efa252faad..663b0e2d8c3 100644 --- a/2004/0xxx/CVE-2004-0895.json +++ b/2004/0xxx/CVE-2004-0895.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0895", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0895", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1084.json b/2004/1xxx/CVE-2004-1084.json index 48320c295e9..35aedecde67 100644 --- a/2004/1xxx/CVE-2004-1084.json +++ b/2004/1xxx/CVE-2004-1084.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1084", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1084", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-12-02", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "P-049", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml" - }, - { - "name" : "11802", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11802" - }, - { - "name" : "13362", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13362/" - }, - { - "name" : "apache-hfs-obtain-info(18349)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11802", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11802" + }, + { + "name": "13362", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13362/" + }, + { + "name": "apache-hfs-obtain-info(18349)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18349" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "APPLE-SA-2004-12-02", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "P-049", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/p-049.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1153.json b/2004/1xxx/CVE-2004-1153.json index 3c5f4c2e2dc..52652bcdb84 100644 --- a/2004/1xxx/CVE-2004-1153.json +++ b/2004/1xxx/CVE-2004-1153.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041214 Adobe Reader 6.0 .ETD File Format String Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=163&type=vulnerabilities" - }, - { - "name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679" - }, - { - "name" : "oval:org.mitre.oval:def:2919", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2919" - }, - { - "name" : "adobe-acrobat-etd-format-string(18478)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041214 Adobe Reader 6.0 .ETD File Format String Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=163&type=vulnerabilities" + }, + { + "name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2679" + }, + { + "name": "oval:org.mitre.oval:def:2919", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2919" + }, + { + "name": "adobe-acrobat-etd-format-string(18478)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18478" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1269.json b/2004/1xxx/CVE-2004-1269.json index 36aa49b7aa5..095cad4a0c5 100644 --- a/2004/1xxx/CVE-2004-1269.json +++ b/2004/1xxx/CVE-2004-1269.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/cups2.txt" - }, - { - "name" : "MDKSA-2005:008", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008" - }, - { - "name" : "GLSA-200412-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml" - }, - { - "name" : "RHSA-2005:013", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-013.html" - }, - { - "name" : "RHSA-2005:053", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-053.html" - }, - { - "name" : "USN-50-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/50-1/" - }, - { - "name" : "oval:org.mitre.oval:def:9545", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545" - }, - { - "name" : "cups-lppasswd-dos(18608)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:013", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html" + }, + { + "name": "cups-lppasswd-dos(18608)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18608" + }, + { + "name": "oval:org.mitre.oval:def:9545", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9545" + }, + { + "name": "MDKSA-2005:008", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008" + }, + { + "name": "RHSA-2005:053", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html" + }, + { + "name": "USN-50-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/50-1/" + }, + { + "name": "GLSA-200412-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml" + }, + { + "name": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1672.json b/2004/1xxx/CVE-2004-1672.json index 32cf44f8fc9..9075fb0cda1 100644 --- a/2004/1xxx/CVE-2004-1672.json +++ b/2004/1xxx/CVE-2004-1672.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109483971420067&w=2" - }, - { - "name" : "11371", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11371" - }, - { - "name" : "12789", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12789" - }, - { - "name" : "merak-icewarp-view-attachment(17316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "merak-icewarp-view-attachment(17316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17316" + }, + { + "name": "20040910 Multiple vulnerabilities in Icewarp Web Mail 5.2.7", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109483971420067&w=2" + }, + { + "name": "12789", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12789" + }, + { + "name": "11371", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11371" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1733.json b/2004/1xxx/CVE-2004-1733.json index 2d6aabe3042..b97c11339cf 100644 --- a/2004/1xxx/CVE-2004-1733.json +++ b/2004/1xxx/CVE-2004-1733.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040820 Multiple vulnerabilities in MyDMS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109314495007280&w=2" - }, - { - "name" : "10996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10996" - }, - { - "name" : "12340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12340" - }, - { - "name" : "mydms-dotdot-file-download(17058)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17058" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10996" + }, + { + "name": "12340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12340" + }, + { + "name": "20040820 Multiple vulnerabilities in MyDMS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109314495007280&w=2" + }, + { + "name": "mydms-dotdot-file-download(17058)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17058" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2223.json b/2004/2xxx/CVE-2004-2223.json index 0c0f9be90a2..8e7b611e463 100644 --- a/2004/2xxx/CVE-2004-2223.json +++ b/2004/2xxx/CVE-2004-2223.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "11594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11594" - }, - { - "name" : "11389", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11389" - }, - { - "name" : "1012063", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012063" - }, - { - "name" : "13074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13074" - }, - { - "name" : "fsphpgallery-size-dos(17947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17947" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11594" + }, + { + "name": "1012063", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012063" + }, + { + "name": "13074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13074" + }, + { + "name": "11389", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11389" + }, + { + "name": "fsphpgallery-size-dos(17947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17947" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2156.json b/2008/2xxx/CVE-2008-2156.json index fc036fee11f..591f5a04a46 100644 --- a/2008/2xxx/CVE-2008-2156.json +++ b/2008/2xxx/CVE-2008-2156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2156", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2156", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2442.json b/2008/2xxx/CVE-2008-2442.json index dcca169c04a..ee6e4237888 100644 --- a/2008/2xxx/CVE-2008-2442.json +++ b/2008/2xxx/CVE-2008-2442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2442", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2442", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3115.json b/2008/3xxx/CVE-2008-3115.json index e184eb062f4..0989741449b 100644 --- a/2008/3xxx/CVE-2008-3115.json +++ b/2008/3xxx/CVE-2008-3115.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" - }, - { - "name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" - }, - { - "name" : "http://support.apple.com/kb/HT3178", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3178" - }, - { - "name" : "http://support.apple.com/kb/HT3179", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3179" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" - }, - { - "name" : "APPLE-SA-2008-09-24", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" - }, - { - "name" : "GLSA-200911-02", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" - }, - { - "name" : "238966", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1" - }, - { - "name" : "SUSE-SA:2008:042", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" - }, - { - "name" : "TA08-193A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" - }, - { - "name" : "30142", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30142" - }, - { - "name" : "37386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37386" - }, - { - "name" : "ADV-2008-2056", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2056/references" - }, - { - "name" : "ADV-2008-2740", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2740" - }, - { - "name" : "1020460", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020460" - }, - { - "name" : "31010", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31010" - }, - { - "name" : "31600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31600" - }, - { - "name" : "32018", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32018" - }, - { - "name" : "32180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32180" - }, - { - "name" : "32179", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32179" - }, - { - "name" : "sun-securestatic-weak-security(43665)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43665" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2008-09-24", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2" + }, + { + "name": "30142", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30142" + }, + { + "name": "31600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31600" + }, + { + "name": "SUSE-SA:2008:042", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html" + }, + { + "name": "32018", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32018" + }, + { + "name": "GLSA-200911-02", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml" + }, + { + "name": "32179", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32179" + }, + { + "name": "ADV-2008-2740", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2740" + }, + { + "name": "ADV-2008-2056", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2056/references" + }, + { + "name": "1020460", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020460" + }, + { + "name": "32180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32180" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" + }, + { + "name": "sun-securestatic-weak-security(43665)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43665" + }, + { + "name": "http://support.apple.com/kb/HT3178", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3178" + }, + { + "name": "238966", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1" + }, + { + "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded" + }, + { + "name": "TA08-193A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html" + }, + { + "name": "37386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37386" + }, + { + "name": "http://support.apple.com/kb/HT3179", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3179" + }, + { + "name": "31010", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31010" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3122.json b/2008/3xxx/CVE-2008-3122.json index 9a474182859..a47b8ee0375 100644 --- a/2008/3xxx/CVE-2008-3122.json +++ b/2008/3xxx/CVE-2008-3122.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3122", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3122", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf" - }, - { - "name" : "30151", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30151" - }, - { - "name" : "30978", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30978" - }, - { - "name" : "xerox-centreware-unspecified-sql-injection(43672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf" + }, + { + "name": "30151", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30151" + }, + { + "name": "30978", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30978" + }, + { + "name": "xerox-centreware-unspecified-sql-injection(43672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43672" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3213.json b/2008/3xxx/CVE-2008-3213.json index c170cd4d7bf..0cefdc03389 100644 --- a/2008/3xxx/CVE-2008-3213.json +++ b/2008/3xxx/CVE-2008-3213.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3213", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6056", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6056" - }, - { - "name" : "30204", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30204" - }, - { - "name" : "31047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31047" - }, - { - "name" : "4009", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4009" - }, - { - "name" : "webcms-index-sql-injection(43739)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30204", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30204" + }, + { + "name": "4009", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4009" + }, + { + "name": "6056", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6056" + }, + { + "name": "webcms-index-sql-injection(43739)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43739" + }, + { + "name": "31047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31047" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3336.json b/2008/3xxx/CVE-2008-3336.json index 876e13e0576..7fcfaa07e82 100644 --- a/2008/3xxx/CVE-2008-3336.json +++ b/2008/3xxx/CVE-2008-3336.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://punbb.informer.com/", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/" - }, - { - "name" : "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt" - }, - { - "name" : "http://punbb.informer.com/forums/topic/19539/punbb-1219/", - "refsource" : "CONFIRM", - "url" : "http://punbb.informer.com/forums/topic/19539/punbb-1219/" - }, - { - "name" : "30396", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30396" - }, - { - "name" : "31219", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31219" - }, - { - "name" : "punbb-parser-moderate-xss(44009)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/download/changelogs/1.2.17_to_1.2.19.txt" + }, + { + "name": "30396", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30396" + }, + { + "name": "http://punbb.informer.com/", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/" + }, + { + "name": "http://punbb.informer.com/forums/topic/19539/punbb-1219/", + "refsource": "CONFIRM", + "url": "http://punbb.informer.com/forums/topic/19539/punbb-1219/" + }, + { + "name": "31219", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31219" + }, + { + "name": "punbb-parser-moderate-xss(44009)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44009" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3917.json b/2008/3xxx/CVE-2008-3917.json index d04dc3f5c92..9e728233105 100644 --- a/2008/3xxx/CVE-2008-3917.json +++ b/2008/3xxx/CVE-2008-3917.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080818 Ovidentia 6.6.5 XSS (index.php)‏", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495562/100/0/threaded" - }, - { - "name" : "30735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30735" - }, - { - "name" : "31425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31425" - }, - { - "name" : "4219", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4219" - }, - { - "name" : "ovidentia-index-xss(45064)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4219", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4219" + }, + { + "name": "ovidentia-index-xss(45064)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45064" + }, + { + "name": "31425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31425" + }, + { + "name": "30735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30735" + }, + { + "name": "20080818 Ovidentia 6.6.5 XSS (index.php)‏", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495562/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3978.json b/2008/3xxx/CVE-2008-3978.json index 5cf374af4d7..ae0e3a2ae36 100644 --- a/2008/3xxx/CVE-2008-3978.json +++ b/2008/3xxx/CVE-2008-3978.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3978", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2008-3978", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" - }, - { - "name" : "33177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33177" - }, - { - "name" : "ADV-2009-0115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0115" - }, - { - "name" : "51353", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51353" - }, - { - "name" : "1021561", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021561" - }, - { - "name" : "33525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33525" + }, + { + "name": "1021561", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021561" + }, + { + "name": "ADV-2009-0115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0115" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" + }, + { + "name": "51353", + "refsource": "OSVDB", + "url": "http://osvdb.org/51353" + }, + { + "name": "33177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33177" + } + ] + } +} \ No newline at end of file diff --git a/2008/4xxx/CVE-2008-4998.json b/2008/4xxx/CVE-2008-4998.json index b26bb02e231..2585d99d36a 100644 --- a/2008/4xxx/CVE-2008-4998.json +++ b/2008/4xxx/CVE-2008-4998.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-4998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating \"this bug is invalid.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-4998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" - }, - { - "name" : "https://bugs.gentoo.org/show_bug.cgi?id=235802", - "refsource" : "MISC", - "url" : "https://bugs.gentoo.org/show_bug.cgi?id=235802" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** postinst in twiki 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/twiki temporary file. NOTE: the vendor disputes this vulnerability, stating \"this bug is invalid.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494648" + }, + { + "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" + }, + { + "name": "https://bugs.gentoo.org/show_bug.cgi?id=235802", + "refsource": "MISC", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=235802" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6277.json b/2008/6xxx/CVE-2008-6277.json index 26c51a7a2de..30c54db851a 100644 --- a/2008/6xxx/CVE-2008-6277.json +++ b/2008/6xxx/CVE-2008-6277.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7250", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7250" - }, - { - "name" : "http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt" - }, - { - "name" : "50313", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/50313" - }, - { - "name" : "32897", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32897" - }, - { - "name" : "pricecomparison-product-sql-injection(46920)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46920" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7250", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7250" + }, + { + "name": "pricecomparison-product-sql-injection(46920)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46920" + }, + { + "name": "50313", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/50313" + }, + { + "name": "http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/0811-exploits/rakhi-sqlxssfpd.txt" + }, + { + "name": "32897", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32897" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6536.json b/2008/6xxx/CVE-2008-6536.json index 2d9fb5eb0fa..22fe8d55cfa 100644 --- a/2008/6xxx/CVE-2008-6536.json +++ b/2008/6xxx/CVE-2008-6536.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", - "refsource" : "MISC", - "url" : "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html" - }, - { - "name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", - "refsource" : "MISC", - "url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "28285", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28285" - }, - { - "name" : "43649", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/43649" - }, - { - "name" : "29434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29434" - }, - { - "name" : "ADV-2008-0914", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0914/references" - }, - { - "name" : "7zip-archives-code-execution(41247)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41247" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0914", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0914/references" + }, + { + "name": "29434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29434" + }, + { + "name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html", + "refsource": "MISC", + "url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html" + }, + { + "name": "7zip-archives-code-execution(41247)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41247" + }, + { + "name": "43649", + "refsource": "OSVDB", + "url": "http://osvdb.org/43649" + }, + { + "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/", + "refsource": "MISC", + "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/" + }, + { + "name": "28285", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28285" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6695.json b/2008/6xxx/CVE-2008-6695.json index 43672d88ca0..5ca032d85c8 100644 --- a/2008/6xxx/CVE-2008-6695.json +++ b/2008/6xxx/CVE-2008-6695.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/" - }, - { - "name" : "29823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29823" - }, - { - "name" : "46392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46392" - }, - { - "name" : "30737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30737" - }, - { - "name" : "timtabsociable-unspecified-sql-injection(43210)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "timtabsociable-unspecified-sql-injection(43210)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43210" + }, + { + "name": "30737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30737" + }, + { + "name": "29823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29823" + }, + { + "name": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/timtab_sociable/2.0.5/" + }, + { + "name": "46392", + "refsource": "OSVDB", + "url": "http://osvdb.org/46392" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6876.json b/2008/6xxx/CVE-2008-6876.json index 04fa8c85287..2f66aa1efd4 100644 --- a/2008/6xxx/CVE-2008-6876.json +++ b/2008/6xxx/CVE-2008-6876.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstorm.linuxsecurity.com/0903-exploits/editeurscripts-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstorm.linuxsecurity.com/0903-exploits/editeurscripts-xss.txt" - }, - { - "name" : "34112", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34112" - }, - { - "name" : "34284", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34284" - }, - { - "name" : "editeurscripts-login-xss(49237)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49237" - }, - { - "name" : "espartenaires-login-xss(52437)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "espartenaires-login-xss(52437)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52437" + }, + { + "name": "34284", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34284" + }, + { + "name": "34112", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34112" + }, + { + "name": "http://packetstorm.linuxsecurity.com/0903-exploits/editeurscripts-xss.txt", + "refsource": "MISC", + "url": "http://packetstorm.linuxsecurity.com/0903-exploits/editeurscripts-xss.txt" + }, + { + "name": "editeurscripts-login-xss(49237)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49237" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7294.json b/2008/7xxx/CVE-2008-7294.json index 2c2f03b46c8..cf55aa40b5a 100644 --- a/2008/7xxx/CVE-2008-7294.json +++ b/2008/7xxx/CVE-2008-7294.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[public-webapps] 20090918 fyi: Strict Transport Security specification", - "refsource" : "MLIST", - "url" : "http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html" - }, - { - "name" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", - "refsource" : "MISC", - "url" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" - }, - { - "name" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", - "refsource" : "MISC", - "url" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", + "refsource": "MISC", + "url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" + }, + { + "name": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", + "refsource": "MISC", + "url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" + }, + { + "name": "[public-webapps] 20090918 fyi: Strict Transport Security specification", + "refsource": "MLIST", + "url": "http://lists.w3.org/Archives/Public/public-webapps/2009JulSep/1148.html" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7311.json b/2008/7xxx/CVE-2008-7311.json index 74134085c85..1f9cac9cd52 100644 --- a/2008/7xxx/CVE-2008-7311.json +++ b/2008/7xxx/CVE-2008-7311.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/", - "refsource" : "CONFIRM", - "url" : "http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/" - }, - { - "name" : "http://support.spreehq.org/issues/show/63", - "refsource" : "CONFIRM", - "url" : "http://support.spreehq.org/issues/show/63" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The session cookie store implementation in Spree 0.2.0 uses a hardcoded config.action_controller_session hash value (aka secret key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging an application that contains this value within the config/environment.rb file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.spreehq.org/issues/show/63", + "refsource": "CONFIRM", + "url": "http://support.spreehq.org/issues/show/63" + }, + { + "name": "http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/", + "refsource": "CONFIRM", + "url": "http://spreecommerce.com/blog/2008/08/12/security-vulernability-session-cookie-store/" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2162.json b/2013/2xxx/CVE-2013-2162.json index 4a191fef19f..9f18943b0f7 100644 --- a/2013/2xxx/CVE-2013-2162.json +++ b/2013/2xxx/CVE-2013-2162.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2162", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2162", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130608 Re: CVE request: Debian's package \"mysql-server\" leaks credential information", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2013/q2/528" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600" - }, - { - "name" : "DSA-2818", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2818" - }, - { - "name" : "USN-1909-1", - "refsource" : "UBUNTU", - "url" : "http://ubuntu.com/usn/usn-1909-1" - }, - { - "name" : "60424", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60424" - }, - { - "name" : "54300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "54300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54300" + }, + { + "name": "DSA-2818", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2818" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711600" + }, + { + "name": "[oss-security] 20130608 Re: CVE request: Debian's package \"mysql-server\" leaks credential information", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2013/q2/528" + }, + { + "name": "60424", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60424" + }, + { + "name": "USN-1909-1", + "refsource": "UBUNTU", + "url": "http://ubuntu.com/usn/usn-1909-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2855.json b/2013/2xxx/CVE-2013-2855.json index 593d69461ef..edd4f30e926 100644 --- a/2013/2xxx/CVE-2013-2855.json +++ b/2013/2xxx/CVE-2013-2855.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2013-2855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=242322", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=242322" - }, - { - "name" : "DSA-2706", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2706" - }, - { - "name" : "oval:org.mitre.oval:def:16793", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:16793", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16793" + }, + { + "name": "DSA-2706", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2706" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=242322", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=242322" + }, + { + "name": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2013/06/stable-channel-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11053.json b/2017/11xxx/CVE-2017-11053.json index 7bf9c411dfd..d7f4edc6c24 100644 --- a/2017/11xxx/CVE-2017-11053.json +++ b/2017/11xxx/CVE-2017-11053.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2017-10-02T00:00:00", - "ID" : "CVE-2017-11053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame()." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2017-10-02T00:00:00", + "ID": "CVE-2017-11053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-10-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-10-01" - }, - { - "name" : "101117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101117" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when qos map set IE of length less than 16 is received in association response or in qos map configure action frame, a buffer overflow can potentially occur in ConvertQosMapsetFrame()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-10-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-10-01" + }, + { + "name": "101117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101117" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11773.json b/2017/11xxx/CVE-2017-11773.json index 3d5c6993e3b..e440e16886d 100644 --- a/2017/11xxx/CVE-2017-11773.json +++ b/2017/11xxx/CVE-2017-11773.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11773", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11773", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14552.json b/2017/14xxx/CVE-2017-14552.json index fcf1f2be393..0ec782c98fa 100644 --- a/2017/14xxx/CVE-2017-14552.json +++ b/2017/14xxx/CVE-2017-14552.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14552", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14552", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14552", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14552" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14552", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14552" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14604.json b/2017/14xxx/CVE-2017-14604.json index 1d2601e98bc..2e5cd8db399 100644 --- a/2017/14xxx/CVE-2017-14604.json +++ b/2017/14xxx/CVE-2017-14604.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=777991", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=777991" - }, - { - "name" : "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0", - "refsource" : "MISC", - "url" : "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0" - }, - { - "name" : "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b", - "refsource" : "MISC", - "url" : "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b" - }, - { - "name" : "https://github.com/freedomofpress/securedrop/issues/2238", - "refsource" : "MISC", - "url" : "https://github.com/freedomofpress/securedrop/issues/2238" - }, - { - "name" : "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/", - "refsource" : "MISC", - "url" : "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/" - }, - { - "name" : "DSA-3994", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3994" - }, - { - "name" : "RHSA-2018:0223", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0223" - }, - { - "name" : "101012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/freedomofpress/securedrop/issues/2238", + "refsource": "MISC", + "url": "https://github.com/freedomofpress/securedrop/issues/2238" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268" + }, + { + "name": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0", + "refsource": "MISC", + "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777991", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991" + }, + { + "name": "101012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101012" + }, + { + "name": "DSA-3994", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3994" + }, + { + "name": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b", + "refsource": "MISC", + "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b" + }, + { + "name": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/", + "refsource": "MISC", + "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/" + }, + { + "name": "RHSA-2018:0223", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0223" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15161.json b/2017/15xxx/CVE-2017-15161.json index f6a96c859fd..3e072d8948e 100644 --- a/2017/15xxx/CVE-2017-15161.json +++ b/2017/15xxx/CVE-2017-15161.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15161", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15161", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15382.json b/2017/15xxx/CVE-2017-15382.json index a3f1f6e9135..d1e62de2f75 100644 --- a/2017/15xxx/CVE-2017-15382.json +++ b/2017/15xxx/CVE-2017-15382.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15382", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15382", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15476.json b/2017/15xxx/CVE-2017-15476.json index 26252f194c6..780376898cc 100644 --- a/2017/15xxx/CVE-2017-15476.json +++ b/2017/15xxx/CVE-2017-15476.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15476", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15476", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15482.json b/2017/15xxx/CVE-2017-15482.json index 0e8f16b69be..57f4d511944 100644 --- a/2017/15xxx/CVE-2017-15482.json +++ b/2017/15xxx/CVE-2017-15482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15482", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15892.json b/2017/15xxx/CVE-2017-15892.json index 5183c241558..7d7917d40b6 100644 --- a/2017/15xxx/CVE-2017-15892.json +++ b/2017/15xxx/CVE-2017-15892.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@synology.com", - "DATE_PUBLIC" : "2017-12-18T00:00:00", - "ID" : "CVE-2017-15892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chat", - "version" : { - "version_data" : [ - { - "version_value" : "before 2.0.0-1124" - } - ] - } - } - ] - }, - "vendor_name" : "Synology" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "security@synology.com", + "DATE_PUBLIC": "2017-12-18T00:00:00", + "ID": "CVE-2017-15892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chat", + "version": { + "version_data": [ + { + "version_value": "before 2.0.0-1124" + } + ] + } + } + ] + }, + "vendor_name": "Synology" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_78", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_78" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_78", + "refsource": "CONFIRM", + "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_78" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8202.json b/2017/8xxx/CVE-2017-8202.json index 6d128718398..428b1b165c3 100644 --- a/2017/8xxx/CVE-2017-8202.json +++ b/2017/8xxx/CVE-2017-8202.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8202", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Prague-AL00A,Prague-AL00B,Prague-AL00C,Prague-TL00A,Prague-TL10A", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier than Prague-AL00AC00B205,Versions earlier than Prague-AL00BC00B205,Versions earlier than Prague-AL00CC00B205,Versions earlier than Prague-TL00AC01B205,Versions earlier than Prague-TL10AC01B205" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Prague-AL00A,Prague-AL00B,Prague-AL00C,Prague-TL00A,Prague-TL10A", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than Prague-AL00AC00B205,Versions earlier than Prague-AL00BC00B205,Versions earlier than Prague-AL00CC00B205,Versions earlier than Prague-TL00AC01B205,Versions earlier than Prague-TL10AC01B205" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en" - }, - { - "name" : "101959", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP, the APP can send a specific parameter to the CameraISP driver of the smart phone, causing system reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-smartphone-en" + }, + { + "name": "101959", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101959" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8700.json b/2017/8xxx/CVE-2017-8700.json index 70f24ac26c6..dd6b42c6dac 100644 --- a/2017/8xxx/CVE-2017-8700.json +++ b/2017/8xxx/CVE-2017-8700.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-8700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ASP.NET Core", - "version" : { - "version_data" : [ - { - "version_value" : "ASP.NET Core 1.0, 1.1, and 2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-8700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "ASP.NET Core 1.0, 1.1, and 2.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700" - }, - { - "name" : "101712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101712" - }, - { - "name" : "1039793", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039793" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka \"ASP.NET Core Information Disclosure Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8700" + }, + { + "name": "1039793", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039793" + }, + { + "name": "101712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101712" + } + ] + } +} \ No newline at end of file diff --git a/2017/9xxx/CVE-2017-9725.json b/2017/9xxx/CVE-2017-9725.json index ef117dafb1e..84c5ae18a4a 100644 --- a/2017/9xxx/CVE-2017-9725.json +++ b/2017/9xxx/CVE-2017-9725.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-9725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-9725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-09-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-09-01" - }, - { - "name" : "RHSA-2018:0676", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0676" - }, - { - "name" : "RHSA-2018:1062", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1062" - }, - { - "name" : "RHSA-2018:1130", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1130" - }, - { - "name" : "RHSA-2018:1170", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1170" - }, - { - "name" : "100658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-09-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-09-01" + }, + { + "name": "RHSA-2018:1062", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1062" + }, + { + "name": "RHSA-2018:0676", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0676" + }, + { + "name": "RHSA-2018:1170", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1170" + }, + { + "name": "RHSA-2018:1130", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1130" + }, + { + "name": "100658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100658" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12266.json b/2018/12xxx/CVE-2018-12266.json index e1241dc0ee9..54cacaaa3a9 100644 --- a/2018/12xxx/CVE-2018-12266.json +++ b/2018/12xxx/CVE-2018-12266.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "system\\errors\\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lzlzh2016/CVE/blob/master/XSS.md", - "refsource" : "MISC", - "url" : "https://github.com/lzlzh2016/CVE/blob/master/XSS.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "system\\errors\\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lzlzh2016/CVE/blob/master/XSS.md", + "refsource": "MISC", + "url": "https://github.com/lzlzh2016/CVE/blob/master/XSS.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12523.json b/2018/12xxx/CVE-2018-12523.json index cbfb87b9b56..4b887e5b38e 100644 --- a/2018/12xxx/CVE-2018-12523.json +++ b/2018/12xxx/CVE-2018-12523.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44910", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44910/" - }, - { - "name" : "https://pastebin.com/eA5tGKf0", - "refsource" : "MISC", - "url" : "https://pastebin.com/eA5tGKf0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://pastebin.com/eA5tGKf0", + "refsource": "MISC", + "url": "https://pastebin.com/eA5tGKf0" + }, + { + "name": "44910", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44910/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13004.json b/2018/13xxx/CVE-2018-13004.json index c61d34e2f13..1e15605248b 100644 --- a/2018/13xxx/CVE-2018-13004.json +++ b/2018/13xxx/CVE-2018-13004.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13004", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13004", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16014.json b/2018/16xxx/CVE-2018-16014.json index cd42b14f4e8..0fe8253ec14 100644 --- a/2018/16xxx/CVE-2018-16014.json +++ b/2018/16xxx/CVE-2018-16014.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-16014", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-16014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" - }, - { - "name" : "106164", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106164" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106164", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106164" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16140.json b/2018/16xxx/CVE-2018-16140.json index cc04d781973..ee655067588 100644 --- a/2018/16xxx/CVE-2018-16140.json +++ b/2018/16xxx/CVE-2018-16140.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16140", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceforge.net/p/mcj/tickets/28/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/mcj/tickets/28/" - }, - { - "name" : "USN-3760-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3760-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/mcj/tickets/28/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/mcj/tickets/28/" + }, + { + "name": "USN-3760-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3760-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16481.json b/2018/16xxx/CVE-2018-16481.json index ce3fed066cf..85aaa087e06 100644 --- a/2018/16xxx/CVE-2018-16481.json +++ b/2018/16xxx/CVE-2018-16481.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "support@hackerone.com", - "ID" : "CVE-2018-16481", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "html-pages", - "version" : { - "version_data" : [ - { - "version_value" : "<=2.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "HackerOne" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS) - Generic (CWE-79)" - } + "CVE_data_meta": { + "ASSIGNER": "support@hackerone.com", + "ID": "CVE-2018-16481", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "html-pages", + "version": { + "version_data": [ + { + "version_value": "<=2.1.1" + } + ] + } + } + ] + }, + "vendor_name": "HackerOne" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://hackerone.com/reports/330356", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/330356" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Generic (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/330356", + "refsource": "MISC", + "url": "https://hackerone.com/reports/330356" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16630.json b/2018/16xxx/CVE-2018-16630.json index 1668773b726..eb8c6435049 100644 --- a/2018/16xxx/CVE-2018-16630.json +++ b/2018/16xxx/CVE-2018-16630.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kirby v2.5.12 allows XSS by using the \"site files\" Add option to upload an SVG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kirby v2.5.12 allows XSS by using the \"site files\" Add option to upload an SVG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16630/blob/master/Kirby_Insecure%20file%20validation.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16636.json b/2018/16xxx/CVE-2018-16636.json index a92ffb17e5d..0354d2c5cec 100644 --- a/2018/16xxx/CVE-2018-16636.json +++ b/2018/16xxx/CVE-2018-16636.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16636", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/security-breachlock/CVE-2018-16636/blob/master/nucleus_html.pdf", - "refsource" : "MISC", - "url" : "https://github.com/security-breachlock/CVE-2018-16636/blob/master/nucleus_html.pdf" - }, - { - "name" : "https://github.com/NucleusCMS/NucleusCMS/issues/84", - "refsource" : "CONFIRM", - "url" : "https://github.com/NucleusCMS/NucleusCMS/issues/84" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NucleusCMS/NucleusCMS/issues/84", + "refsource": "CONFIRM", + "url": "https://github.com/NucleusCMS/NucleusCMS/issues/84" + }, + { + "name": "https://github.com/security-breachlock/CVE-2018-16636/blob/master/nucleus_html.pdf", + "refsource": "MISC", + "url": "https://github.com/security-breachlock/CVE-2018-16636/blob/master/nucleus_html.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16693.json b/2018/16xxx/CVE-2018-16693.json index 997d8003a2f..74abe77b490 100644 --- a/2018/16xxx/CVE-2018-16693.json +++ b/2018/16xxx/CVE-2018-16693.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16693", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16693", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4133.json b/2018/4xxx/CVE-2018-4133.json index 3c613cfe7fd..ee6d2d57881 100644 --- a/2018/4xxx/CVE-2018-4133.json +++ b/2018/4xxx/CVE-2018-4133.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the \"WebKit\" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "103580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/103580" - }, - { - "name" : "1040606", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040606" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the \"WebKit\" component. A Safari cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "103580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/103580" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "1040606", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040606" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4429.json b/2018/4xxx/CVE-2018-4429.json index 2518ea3e1eb..424e456a402 100644 --- a/2018/4xxx/CVE-2018-4429.json +++ b/2018/4xxx/CVE-2018-4429.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4429", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4429", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4439.json b/2018/4xxx/CVE-2018-4439.json index 00141d89538..9f528964750 100644 --- a/2018/4xxx/CVE-2018-4439.json +++ b/2018/4xxx/CVE-2018-4439.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4439", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4439", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4440.json b/2018/4xxx/CVE-2018-4440.json index 05c0a1b6cf2..f200843e70e 100644 --- a/2018/4xxx/CVE-2018-4440.json +++ b/2018/4xxx/CVE-2018-4440.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4440", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4440", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4453.json b/2018/4xxx/CVE-2018-4453.json index 4ef76612849..d4daff4e5dc 100644 --- a/2018/4xxx/CVE-2018-4453.json +++ b/2018/4xxx/CVE-2018-4453.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4453", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4453", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file