diff --git a/2003/0xxx/CVE-2003-0060.json b/2003/0xxx/CVE-2003-0060.json
index 4ff9df179e3..af4ebf8d8a6 100644
--- a/2003/0xxx/CVE-2003-0060.json
+++ b/2003/0xxx/CVE-2003-0060.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" - }, - { - "name" : "CLSA-2003:639", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" - }, - { - "name" : "VU#787523", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/787523" - }, - { - "name" : "6712", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6712" - }, - { - "name" : "kerberos-kdc-format-string(11189)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/11189" - }, - { - "name" : "4879", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4879" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" + }, + { + "name": "CLSA-2003:639", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" + }, + { + "name": "6712", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6712" + }, + { + "name": "VU#787523", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/787523" + }, + { + "name": "kerberos-kdc-format-string(11189)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11189" + }, + { + "name": "4879", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4879" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0126.json b/2003/0xxx/CVE-2003-0126.json index c680a6826c3..a226435aa5d 100644 --- a/2003/0xxx/CVE-2003-0126.json +++ b/2003/0xxx/CVE-2003-0126.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", - "refsource" : "MISC", - "url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.krusesecurity.dk/advisories/routefind550bof.txt", + "refsource": "MISC", + "url": "http://www.krusesecurity.dk/advisories/routefind550bof.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0446.json b/2003/0xxx/CVE-2003-0446.json index ab226158872..2e81c177840 100644 --- a/2003/0xxx/CVE-2003-0446.json +++ b/2003/0xxx/CVE-2003-0446.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105585986015421&w=2" - }, - { - "name" : "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105595990924165&w=2" - }, - { - "name" : "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html" - }, - { - "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", - 
"refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2" - }, - { - "name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html" - }, - { - "name" : "http://security.greymagic.com/adv/gm013-ie/", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/adv/gm013-ie/" - }, - { - "name" : "7938", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7938" - }, - { - "name" : "3065", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3065" - }, - { - "name" : "9055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9055" - }, - { - "name" : "ie-msxml-xss(12334)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-msxml-xss(12334)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334" + }, + { + "name": "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105595990924165&w=2" + }, + { + "name": "3065", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3065" + }, + { + "name": "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html" + }, + { + "name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html" + }, + { + "name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2" + }, + { + "name": "7938", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7938" + }, + { + "name": "9055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9055" + }, + { + "name": "http://security.greymagic.com/adv/gm013-ie/", + "refsource": "MISC", + "url": "http://security.greymagic.com/adv/gm013-ie/" + }, + { + "name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105585986015421&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0530.json b/2003/0xxx/CVE-2003-0530.json index 9fbb9333424..8bc1feef76e 100644 --- a/2003/0xxx/CVE-2003-0530.json +++ b/2003/0xxx/CVE-2003-0530.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0530", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0530", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" - }, - { - "name" : "CA-2003-22", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-22.html" - }, - { - "name" : "VU#548964", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/548964" - }, - { - "name" : "8454", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8454" - }, - { - "name" : "1007538", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007538" - }, - { - "name" : "9580", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9580" - }, - { - "name" : "ie-br549-activex-bo(12962)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9580", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9580" + }, + { + "name": "ie-br549-activex-bo(12962)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" + }, + { + "name": "CA-2003-22", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-22.html" + }, + { + "name": "VU#548964", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/548964" + }, + { + "name": "MS03-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" + }, + { + "name": "8454", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8454" + }, + { + "name": "1007538", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007538" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0691.json b/2003/0xxx/CVE-2003-0691.json index a8f32a188a9..1c6e2a45dc0 100644 --- a/2003/0xxx/CVE-2003-0691.json +++ b/2003/0xxx/CVE-2003-0691.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0691", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0691", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1373.json b/2003/1xxx/CVE-2003-1373.json index 4ed6cdd58a8..266eb4543ed 100644 --- a/2003/1xxx/CVE-2003-1373.json +++ b/2003/1xxx/CVE-2003-1373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030220 phpBB Security Bugs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" - }, - { - "name" : "phpbb-auth-read-files(11407)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" - }, - { - "name" : "6889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to 
read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6889" + }, + { + "name": "20030220 phpBB Security Bugs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" + }, + { + "name": "phpbb-auth-read-files(11407)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0585.json b/2004/0xxx/CVE-2004-0585.json index 5c52b67fc7b..e8c29a4cf4b 100644 --- a/2004/0xxx/CVE-2004-0585.json +++ b/2004/0xxx/CVE-2004-0585.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0585", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0589. Reason: This candidate is a duplicate of CVE-2004-0589. Notes: All CVE users should reference CVE-2004-0589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0585", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0589. Reason: This candidate is a duplicate of CVE-2004-0589. Notes: All CVE users should reference CVE-2004-0589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2491.json b/2004/2xxx/CVE-2004-2491.json index 5d72e4e0a8a..99ccfb76226 100644 --- a/2004/2xxx/CVE-2004-2491.json +++ b/2004/2xxx/CVE-2004-2491.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2491", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2491", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html" - }, - { - "name" : "http://www.opera.com/windows/changelogs/754/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/windows/changelogs/754/" - }, - { - "name" : "10810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10810" - }, - { - "name" : "8317", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8317" - }, - { - "name" : "12162", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12162" - }, - { - "name" 
: "opera-addressbar-spoofing(16816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "opera-addressbar-spoofing(16816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16816" + }, + { + "name": "20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html" + }, + { + "name": "12162", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12162" + }, + { + "name": "http://www.opera.com/windows/changelogs/754/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/windows/changelogs/754/" + }, + { + "name": "8317", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8317" + }, + { + "name": "10810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10810" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2711.json b/2004/2xxx/CVE-2004-2711.json index afd53a5d5ab..7541742daf3 100644 --- a/2004/2xxx/CVE-2004-2711.json +++ b/2004/2xxx/CVE-2004-2711.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2711", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"avatar retrieval.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2711", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" - }, - { - "name" : "8972", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8972" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"avatar retrieval.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + 
{ + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" + }, + { + "name": "8972", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8972" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2723.json b/2004/2xxx/CVE-2004-2723.json index 77fc7351e01..bb43b9246b7 100644 --- a/2004/2xxx/CVE-2004-2723.json +++ b/2004/2xxx/CVE-2004-2723.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040327 NessusWX stores credentials in plain text", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2004/Mar/1343.html" - }, - { - "name" : "9993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9993" - }, - { - "name" : "4814", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4814" - }, - { - "name" : "1009577", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009577" - }, - { - "name" : "nessuswx-sessionfiles-plaintext-password(15641)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15641" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NessusWX 1.4.4 stores 
account passwords in plaintext in .session files, which allows local users to obtain passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4814", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4814" + }, + { + "name": "9993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9993" + }, + { + "name": "20040327 NessusWX stores credentials in plain text", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2004/Mar/1343.html" + }, + { + "name": "1009577", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009577" + }, + { + "name": "nessuswx-sessionfiles-plaintext-password(15641)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15641" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2724.json b/2004/2xxx/CVE-2004-2724.json index b28dd923247..13c4aac8cda 100644 --- a/2004/2xxx/CVE-2004-2724.json +++ b/2004/2xxx/CVE-2004-2724.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040827 DoS in Chat Anywhere 2.72a", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1183.html" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt" - }, - { - "name" : "9275", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9275" - }, - { - "name" : "1011080", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011080" - }, - { - "name" : "12398", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12398" - }, - { - "name" : "chat-anywhere-username-dos(17148)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "chat-anywhere-username-dos(17148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17148" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt" + }, + { + "name": "1011080", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011080" + }, + { + "name": "9275", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9275" + }, + { + "name": "12398", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12398" + }, + { + "name": "20040827 DoS in Chat Anywhere 2.72a", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1183.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2247.json b/2008/2xxx/CVE-2008-2247.json index 3d212b60545..30cfd47098d 100644 --- a/2008/2xxx/CVE-2008-2247.json +++ b/2008/2xxx/CVE-2008-2247.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-2247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS08-039", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039" - }, - { - "name" : "TA08-190A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" - }, - { - "name" : "30130", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30130" - }, - { - "name" : "oval:org.mitre.oval:def:5354", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5354" - }, - { - "name" : "ADV-2008-2021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2021/references" - }, - { - 
"name" : "1020439", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020439" - }, - { - "name" : "30964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30964" - }, - { - "name" : "exchange-owa-email-fields-xss(43328)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43328" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2021/references" + }, + { + "name": "exchange-owa-email-fields-xss(43328)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43328" + }, + { + "name": "1020439", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020439" + }, + { + "name": "30130", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30130" + }, + { + "name": "oval:org.mitre.oval:def:5354", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5354" + }, + { + "name": "MS08-039", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039" + }, + { + "name": "30964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30964" + }, + { + "name": "TA08-190A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" + } + ] + } +} \ No 
newline at end of file diff --git a/2008/2xxx/CVE-2008-2316.json b/2008/2xxx/CVE-2008-2316.json index 3ffacf6e1c2..80624d46745 100644 --- a/2008/2xxx/CVE-2008-2316.json +++ b/2008/2xxx/CVE-2008-2316.json 
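Review bot: In the CVE-2008-2247.json hunk the only change of substance is `"ASSIGNER": "secure@microsoft.com"` replacing `cve@mitre.org`, and it is hard to spot because the same rewrite reformats every key and shuffles all eight `reference_data` entries into an order that is neither the previous one nor sorted. Anyone diffing records to catch a changed advisory link or a re-attributed assigner has to compare the whole file by hand. Keeping the existing array order, or sorting by `refsource` then `name`, would reduce this hunk to the one `ASSIGNER` line. The new side also ends without a trailing newline (`\ No newline at end of file`). The same applies to the CVE-2008-2360.json hunk, where `ASSIGNER` becomes `secalert@redhat.com`; the other hunks in view appear to be formatting and reordering only.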
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080813 rPSA-2008-0243-1 idle python", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495445/100/0/threaded" - }, - { - "name" : "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=230640", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=230640" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0243", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0243" - }, - { - "name" : 
"http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", - "refsource" : "CONFIRM", - "url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "GLSA-200807-16", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200807-16.xml" - }, - { - "name" : "MDVSA-2008:163", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163" - }, - { - "name" : "SSA:2008-217-01", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" - }, - { - "name" : "SUSE-SR:2008:017", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" - }, - { - "name" : "USN-632-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-632-1" - }, - { - "name" : "30491", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30491" - }, - { - "name" : "ADV-2008-2288", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2288" - }, - { - "name" : "31358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31358" - }, - { - "name" : "31305", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31305" - }, - { - "name" : "31332", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31332" - }, - { - "name" : "31365", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31365" - }, - { - "name" : "31518", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/31518" - }, - { - "name" : "31687", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31687" - }, - { - "name" : "31473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31473" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - }, - { - "name" : "python-hashlib-overflow(44174)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174" - }, - { - "name" : "python-multiple-bo(44173)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080813 rPSA-2008-0243-1 idle python", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495445/100/0/threaded" + }, + { + "name": "SUSE-SR:2008:017", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" + }, + { + "name": "ADV-2008-2288", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2288" + }, + { + "name": "python-multiple-bo(44173)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173" + }, + { + "name": "30491", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30491" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": 
"31687", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31687" + }, + { + "name": "GLSA-200807-16", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200807-16.xml" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "31358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31358" + }, + { + "name": "31332", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31332" + }, + { + "name": "USN-632-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-632-1" + }, + { + "name": "31518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31518" + }, + { + "name": "python-hashlib-overflow(44174)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174" + }, + { + "name": "31305", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31305" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=230640", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=230640" + }, + { + "name": "31365", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31365" + }, + { + "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" + }, + { + "name": "31473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31473" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0243", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0243" + }, + { + "name": "MDVSA-2008:163", + "refsource": "MANDRIVA", 
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163" + }, + { + "name": "SSA:2008-217-01", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" + }, + { + "name": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2360.json b/2008/2xxx/CVE-2008-2360.json index 0288f93ded2..8e694dbab82 100644 --- a/2008/2xxx/CVE-2008-2360.json +++ b/2008/2xxx/CVE-2008-2360.json 
@@ -1,292 +1,292 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2360", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2360", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718" - }, - { - "name" : "20080620 rPSA-2008-0200-1 xorg-server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493548/100/0/threaded" - }, - { - "name" : "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493550/100/0/threaded" - }, - { - "name" : "[xorg] 20080611 X.Org security 
advisory june 2008 - Multiple vulnerabilities in X server extensions", - "refsource" : "MLIST", - "url" : "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html" - }, - { - "name" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff" - }, - { - "name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2607", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2607" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2619", - "refsource" : "CONFIRM", - "url" : "https://issues.rpath.com/browse/RPL-2619" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm" - }, - { - "name" : "http://support.apple.com/kb/HT3438", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT3438" - }, - { - "name" : "APPLE-SA-2009-02-12", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" - }, - { - "name" : "DSA-1595", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1595" - }, - { - "name" : "GLSA-200806-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200806-07.xml" - }, - { - "name" : "GLSA-200807-07", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml" - }, - { - "name" : "MDVSA-2008:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116" - }, - { - "name" : "MDVSA-2008:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115" - }, 
- { - "name" : "MDVSA-2008:179", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179" - }, - { - "name" : "RHSA-2008:0502", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0502.html" - }, - { - "name" : "RHSA-2008:0504", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0504.html" - }, - { - "name" : "RHSA-2008:0512", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2008-0512.html" - }, - { - "name" : "RHSA-2008:0503", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0503.html" - }, - { - "name" : "238686", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1" - }, - { - "name" : "SUSE-SA:2008:027", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html" - }, - { - "name" : "SUSE-SR:2008:019", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" - }, - { - "name" : "USN-616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-616-1" - }, - { - "name" : "oval:org.mitre.oval:def:9329", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329" - }, - { - "name" : "ADV-2008-1803", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1803" - }, - { - "name" : "ADV-2008-1833", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1833" - }, - { - "name" : "ADV-2008-1983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1983/references" - }, - { - "name" : "1020243", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020243" - }, - { - "name" : "30627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30627" - }, - { - "name" : "30628", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30628" - }, - { - "name" : "30629", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30629" - }, - { - "name" : "30630", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30630" - }, - { - "name" : "30637", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30637" - }, - { - "name" : "30659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30659" - }, - { - "name" : "30664", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30664" - }, - { - "name" : "30666", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30666" - }, - { - "name" : "30671", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30671" - }, - { - "name" : "30715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30715" - }, - { - "name" : "30772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30772" - }, - { - "name" : "30809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30809" - }, - { - "name" : "30843", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30843" - }, - { - "name" : "31109", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31109" - }, - { - "name" : "32099", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32099" - }, - { - "name" : "31025", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31025" - }, - { - "name" : "33937", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33937" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request 
fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.rpath.com/browse/RPL-2607", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2607" + }, + { + "name": "30629", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30629" + }, + { + "name": "oval:org.mitre.oval:def:9329", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329" + }, + { + "name": "238686", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1" + }, + { + "name": "33937", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33937" + }, + { + "name": "30664", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30664" + }, + { + "name": "MDVSA-2008:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115" + }, + { + "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded" + }, + { + "name": "31025", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31025" + }, + { + "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718" + }, + { + "name": "RHSA-2008:0502", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html" + }, + { + "name": "http://support.apple.com/kb/HT3438", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT3438" + }, + { + "name": "APPLE-SA-2009-02-12", + 
"refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" + }, + { + "name": "ADV-2008-1833", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1833" + }, + { + "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201" + }, + { + "name": "GLSA-200806-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml" + }, + { + "name": "30715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30715" + }, + { + "name": "30666", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30666" + }, + { + "name": "30627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30627" + }, + { + "name": "30637", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30637" + }, + { + "name": "MDVSA-2008:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116" + }, + { + "name": "ADV-2008-1803", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1803" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm" + }, + { + "name": "SUSE-SA:2008:027", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html" + }, + { + "name": "1020243", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020243" + }, + { + "name": "30772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30772" + }, + { + "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff", + "refsource": "CONFIRM", + "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff" + }, + { + "name": "RHSA-2008:0503", + 
"refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html" + }, + { + "name": "30628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30628" + }, + { + "name": "30659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30659" + }, + { + "name": "31109", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31109" + }, + { + "name": "ADV-2008-1983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1983/references" + }, + { + "name": "30671", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30671" + }, + { + "name": "30809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30809" + }, + { + "name": "MDVSA-2008:179", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179" + }, + { + "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions", + "refsource": "MLIST", + "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html" + }, + { + "name": "RHSA-2008:0504", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html" + }, + { + "name": "30843", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30843" + }, + { + "name": "DSA-1595", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1595" + }, + { + "name": "USN-616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-616-1" + }, + { + "name": "32099", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32099" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2619", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2619" + }, + { + "name": "SUSE-SR:2008:019", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" + }, + { + "name": "RHSA-2008:0512", + "refsource": "REDHAT", + "url": 
"http://rhn.redhat.com/errata/RHSA-2008-0512.html" + }, + { + "name": "20080620 rPSA-2008-0200-1 xorg-server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded" + }, + { + "name": "30630", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30630" + }, + { + "name": "GLSA-200807-07", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2540.json b/2008/2xxx/CVE-2008-2540.json index 14d31c53c1f..10af82c2ca7 100644 --- a/2008/2xxx/CVE-2008-2540.json +++ b/2008/2xxx/CVE-2008-2540.json 
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a \"Carpet Bomb\" and a \"Blended Threat Elevation of Privilege Vulnerability,\" a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx", - "refsource" : "MISC", - "url" : "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx" - }, - { - "name" : "http://blogs.zdnet.com/security/?p=1230", - "refsource" : "MISC", - "url" : "http://blogs.zdnet.com/security/?p=1230" - }, - { - "name" : "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html", - "refsource" : "MISC", - "url" : "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/953818.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/953818.mspx" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" - }, - { - "name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138", - "refsource" : "CONFIRM", - "url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138" - }, - { - "name" : "APPLE-SA-2008-06-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html" - }, - { - "name" : "MS09-014", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" - }, - { - "name" : "MS09-015", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015" - }, - { - "name" : "TA09-104A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" - }, - { - "name" : "29445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29445" - }, - { - "name" : "oval:org.mitre.oval:def:5782", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782" - }, - { - "name" : "oval:org.mitre.oval:def:6108", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108" - }, - { - "name" : "oval:org.mitre.oval:def:8509", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509" - }, - { - "name" : "1022047", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022047" - }, - { - "name" : "1020150", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020150" - }, - { - "name" : "30467", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30467" - }, - { - "name" : "ADV-2008-1706", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1706" - }, - { - "name" : "ADV-2009-1028", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1028" - }, - { - "name" : "ADV-2009-1029", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1029" - }, - { - "name" : "apple-safari-windows-code-execution(42765)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42765" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an 
unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a \"Carpet Bomb\" and a \"Blended Threat Elevation of Privilege Vulnerability,\" a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30467", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30467" + }, + { + "name": "ADV-2009-1028", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1028" + }, + { + "name": "1022047", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022047" + }, + { + "name": "1020150", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020150" + }, + { + "name": "29445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29445" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/953818.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/953818.mspx" + }, + { + "name": "ADV-2009-1029", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1029" + }, + { + "name": "TA09-104A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" + }, + { + "name": "oval:org.mitre.oval:def:8509", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509" + }, + { + "name": "http://blogs.zdnet.com/security/?p=1230", + "refsource": "MISC", + "url": "http://blogs.zdnet.com/security/?p=1230" + }, + { + "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138", + "refsource": "CONFIRM", + "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138" + }, + { + "name": "MS09-014", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" + }, + { + "name": "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html", + "refsource": "MISC", + "url": "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html" + }, + { + "name": "APPLE-SA-2008-06-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html" + }, + { + "name": "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx", + "refsource": "MISC", + "url": "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx" + }, + { + "name": "oval:org.mitre.oval:def:5782", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782" + }, + { + "name": "apple-safari-windows-code-execution(42765)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42765" + }, + { + "name": "MS09-015", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015" + }, + { + "name": "oval:org.mitre.oval:def:6108", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" + }, + { + "name": "ADV-2008-1706", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2008/1706" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2888.json b/2008/2xxx/CVE-2008-2888.json index d697434930c..128204d0d98 100644 --- a/2008/2xxx/CVE-2008-2888.json +++ b/2008/2xxx/CVE-2008-2888.json 
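Review bot: The new side of CVE-2008-2540.json ends without a final newline (`\ No newline at end of file` follows the closing `}`), while the old side ended with one. The same marker follows every other record visible in this commit (CVE-2008-2888, CVE-2012-1085, CVE-2012-1183, CVE-2012-1278, CVE-2012-1309, CVE-2012-1500, CVE-2012-1943, CVE-2012-5011, CVE-2012-5057). The serializer should write a trailing `\n` after the last `}` so that later edits do not show the final line as changed. This hunk also reorders the `reference_data` entries without altering any of them, as far as the visible lines show. If the order carries no meaning, emitting the array in a stable order (for example by `refsource`, then `name`) would keep future record diffs limited to real content changes.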
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2888", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2888", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5901", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5901" - }, - { - "name" : "29874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29874" - }, - { - "name" : "30770", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30770" - }, - { - "name" : "migcms-globals-file-include(43250)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple PHP remote 
file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30770", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30770" + }, + { + "name": "5901", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5901" + }, + { + "name": "migcms-globals-file-include(43250)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43250" + }, + { + "name": "29874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29874" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1085.json b/2012/1xxx/CVE-2012-1085.json index 4bd2427ce77..a688ddb6016 100644 --- a/2012/1xxx/CVE-2012-1085.json +++ b/2012/1xxx/CVE-2012-1085.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "51852", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51852" - }, - { - "name" : "78799", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78799" - }, - { - "name" : "typo3-beuserswitch-unspec-info-disclosure(72973)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "51852", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51852" + }, + { + "name": "78799", + "refsource": "OSVDB", + "url": "http://osvdb.org/78799" + }, + { + "name": "typo3-beuserswitch-unspec-info-disclosure(72973)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1183.json b/2012/1xxx/CVE-2012-1183.json index cc1ff2b0380..5687b0cd89c 100644 --- a/2012/1xxx/CVE-2012-1183.json +++ b/2012/1xxx/CVE-2012-1183.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html" - }, - { - "name" : "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/16/10" - }, - { - "name" : "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2012/03/16/17" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff" - }, - { - "name" : "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf", - "refsource" : "CONFIRM", - "url" : "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf" - }, - { - "name" : "http://www.asterisk.org/node/51797", - "refsource" : "CONFIRM", - "url" : "http://www.asterisk.org/node/51797" - }, - { - "name" : "DSA-2460", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2460" - }, - { - "name" : "52523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52523" - }, - { - "name" : "80125", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80125" - }, - { - "name" : "1026812", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1026812" - }, - { - "name" : "48417", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48417" - }, - { - "name" : "48941", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48941" - }, - { - "name" : "asterisk-milliwattgenerate-dos(74082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-2460", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2460" + }, + { + "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf" + }, + { + "name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html" + }, + { + "name": "80125", + "refsource": "OSVDB", + "url": "http://osvdb.org/80125" + }, + { + "name": "52523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52523" + }, + { + "name": "48941", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48941" + }, + { + "name": "http://www.asterisk.org/node/51797", + "refsource": "CONFIRM", + "url": "http://www.asterisk.org/node/51797" + }, + { + "name": "48417", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48417" + }, + { + "name": "asterisk-milliwattgenerate-dos(74082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082" + }, + { + "name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/16/10" + }, + { + "name": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff", + "refsource": "CONFIRM", + "url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff" + }, + { + "name": "1026812", + "refsource": "SECTRACK", + "url": 
"http://securitytracker.com/id?1026812" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1278.json b/2012/1xxx/CVE-2012-1278.json index caa15e07e04..79457fbd844 100644 --- a/2012/1xxx/CVE-2012-1278.json +++ b/2012/1xxx/CVE-2012-1278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1309.json b/2012/1xxx/CVE-2012-1309.json index 761d9ccdf5e..5d4d055dcf5 100644 --- a/2012/1xxx/CVE-2012-1309.json +++ b/2012/1xxx/CVE-2012-1309.json 
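Review bot: In the CVE-2012-1183.json hunk, `"ASSIGNER"` changes from `cve@mitre.org` to `secalert@redhat.com`, and in the visible records this is the only value change; everything else is whitespace and ordering. The assigner identifies the CNA of record, so downstream consumers that track provenance will see this as a data change, and it is easy to miss among the rewritten lines around it. Whether the reassignment is intended cannot be told from the diff. It should be named in the commit message or landed separately from the formatting pass. The description and the thirteen references appear unchanged apart from their order.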
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1309", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1309", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1500.json b/2012/1xxx/CVE-2012-1500.json index 972929f8705..b1ccd6fccb0 100644 --- a/2012/1xxx/CVE-2012-1500.json +++ b/2012/1xxx/CVE-2012-1500.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1500", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1500", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1943.json b/2012/1xxx/CVE-2012-1943.json index 08e97a60507..a6f0b843a60 100644 --- a/2012/1xxx/CVE-2012-1943.json +++ b/2012/1xxx/CVE-2012-1943.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750850", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750850" - }, - { - "name" : "SUSE-SU-2012:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" - }, - { - "name" : "oval:org.mitre.oval:def:16924", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924" - } 
- ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=750850", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=750850" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html" + }, + { + "name": "SUSE-SU-2012:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" + }, + { + "name": "oval:org.mitre.oval:def:16924", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5011.json b/2012/5xxx/CVE-2012-5011.json index 9ff31abcd44..b3052cdfa61 100644 --- a/2012/5xxx/CVE-2012-5011.json +++ b/2012/5xxx/CVE-2012-5011.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5011", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5011", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5057.json b/2012/5xxx/CVE-2012-5057.json index 60710d52c47..bdb0f2b6e3b 100644 --- a/2012/5xxx/CVE-2012-5057.json +++ b/2012/5xxx/CVE-2012-5057.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5057", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/about/security/advisories/CVE-2012-5057/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/about/security/advisories/CVE-2012-5057/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/about/security/advisories/CVE-2012-5057/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5350.json b/2012/5xxx/CVE-2012-5350.json index 79d2915629a..3f077d3114d 100644 --- a/2012/5xxx/CVE-2012-5350.json +++ b/2012/5xxx/CVE-2012-5350.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5350", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18330", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18330" - }, - { - "name" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" - }, - { - "name" : "51308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51308" - }, - { - "name" : "78204", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78204" - }, - { - "name" : "47475", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47475" - }, - { - "name" : "paywithtweet-postpage-sql-injection(72165)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/72165" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78204", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78204" + }, + { + "name": "51308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51308" + }, + { + "name": "18330", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18330" + }, + { + "name": "paywithtweet-postpage-sql-injection(72165)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72165" + }, + { + "name": "47475", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47475" + }, + { + "name": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5499.json b/2012/5xxx/CVE-2012-5499.json index 943c08667f3..13ded1d1b6c 100644 --- a/2012/5xxx/CVE-2012-5499.json +++ b/2012/5xxx/CVE-2012-5499.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5499", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5499", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/15", - "refsource" : "CONFIRM", - "url" : 
"https://plone.org/products/plone/security/advisories/20121106/15" - }, - { - "name" : "RHSA-2014:1194", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/15", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/15" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + }, + { + "name": "RHSA-2014:1194", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5555.json b/2012/5xxx/CVE-2012-5555.json index 7064604deda..223f6abf180 100644 --- a/2012/5xxx/CVE-2012-5555.json +++ b/2012/5xxx/CVE-2012-5555.json 
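Review bot: The CVE-2012-5499 hunk changes record ownership, `"ASSIGNER": "cve@mitre.org"` to `"ASSIGNER": "secalert@redhat.com"`, inside what is otherwise only key-spacing normalisation and a reordering of `reference_data`. Every other complete hunk visible here leaves `ASSIGNER` unchanged, so the edit is easy to miss among the formatting noise. If the new assigner is intended, it should go in its own commit or be named in the commit description so the provenance change can be audited; if it is a side effect of the regeneration tool, the generator's source for this field needs checking. Separately, the new side of this and the neighbouring files ends with `\ No newline at end of file`, which the old side did not, so the serializer should emit a trailing newline.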
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5555", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5555", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5881.json b/2012/5xxx/CVE-2012-5881.json index 9c084cd6b65..3f1f1351666 100644 --- a/2012/5xxx/CVE-2012-5881.json +++ b/2012/5xxx/CVE-2012-5881.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", - "refsource" : "CONFIRM", - "url" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" - }, - { - "name" : "http://yuilibrary.com/support/20121030-vulnerability/", - "refsource" : "CONFIRM", - "url" : "http://yuilibrary.com/support/20121030-vulnerability/" - }, - { - "name" : "56385", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/56385" - }, - { - "name" : "yui-flash-component-xss(80118)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" + }, + { + "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", + "refsource": "CONFIRM", + "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" + }, + { + "name": "56385", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56385" + }, + { + "name": "yui-flash-component-xss(80118)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118" + }, + { + "name": "http://yuilibrary.com/support/20121030-vulnerability/", + "refsource": "CONFIRM", + "url": "http://yuilibrary.com/support/20121030-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11311.json b/2017/11xxx/CVE-2017-11311.json index 51357421cfc..d75b8a4dc5c 100644 --- a/2017/11xxx/CVE-2017-11311.json +++ b/2017/11xxx/CVE-2017-11311.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/867579", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/867579" - }, - { - "name" : "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html", - "refsource" : "CONFIRM", - "url" : "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html" - }, - { - "name" : "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438", - "refsource" : "CONFIRM", - "url" : "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438" - }, - { - "name" : "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800", - "refsource" : "CONFIRM", - "url" : 
"https://source.openmpt.org/browse/openmpt/trunk/?rev=6800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800", + "refsource": "CONFIRM", + "url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800" + }, + { + "name": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438", + "refsource": "CONFIRM", + "url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438" + }, + { + "name": "https://bugs.debian.org/867579", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/867579" + }, + { + "name": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html", + "refsource": "CONFIRM", + "url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11432.json b/2017/11xxx/CVE-2017-11432.json index c5c2ed55c2e..217acf0d33a 100644 --- a/2017/11xxx/CVE-2017-11432.json +++ b/2017/11xxx/CVE-2017-11432.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11432", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11432", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11962.json b/2017/11xxx/CVE-2017-11962.json index 33c1612ba1c..59c39de9dce 100644 --- a/2017/11xxx/CVE-2017-11962.json +++ b/2017/11xxx/CVE-2017-11962.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11962", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11962", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3012.json b/2017/3xxx/CVE-2017-3012.json index 00bb100bcf1..bf8a20860ba 100644 --- a/2017/3xxx/CVE-2017-3012.json +++ b/2017/3xxx/CVE-2017-3012.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3012", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Library Loading (DLL hijacking)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97547", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97547" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Library Loading (DLL hijacking)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97547", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97547" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3218.json b/2017/3xxx/CVE-2017-3218.json index f45de69dc47..4d93c921ef0 100644 --- a/2017/3xxx/CVE-2017-3218.json +++ b/2017/3xxx/CVE-2017-3218.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3218", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Magician", - "version" : { - "version_data" : [ - { - "version_value" : "<5.1" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-295" - }, - { - "lang" : "eng", - "value" : "CWE-311" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3218", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Magician", + "version": { + "version_data": [ + { + "version_value": "<5.1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#846320", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/846320" - }, - { - "name" : "99081", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + }, + { + "lang": "eng", + "value": "CWE-311" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99081", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99081" + }, + { + "name": "VU#846320", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/846320" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3322.json b/2017/3xxx/CVE-2017-3322.json index 0a1d0a47412..084833a2eac 100644 --- a/2017/3xxx/CVE-2017-3322.json +++ b/2017/3xxx/CVE-2017-3322.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Cluster", - "version" : { - "version_data" : [ - { - "version_value" : "7.2.25 and earlier" - }, - { - "version_value" : "7.3.14 and earlier" - }, - { - "version_value" : "7.4.12 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Cluster", + "version": { + "version_data": [ + { + "version_value": "7.2.25 and earlier" + }, + { + "version_value": "7.3.14 and earlier" + }, + { + "version_value": "7.4.12 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95574", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95574" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95574", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95574" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3892.json b/2017/3xxx/CVE-2017-3892.json index 4fc782bafc5..37169a665be 100644 --- a/2017/3xxx/CVE-2017-3892.json +++ b/2017/3xxx/CVE-2017-3892.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@blackberry.com", - "DATE_PUBLIC" : "2017-11-14T00:00:00", - "ID" : "CVE-2017-3892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QNX Software Development Platform (QNX SDP)", - "version" : { - "version_data" : [ - { - "version_value" : "6.6.0" - } - ] - } - } - ] - }, - "vendor_name" : "BlackBerry" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@blackberry.com", + "DATE_PUBLIC": "2017-11-14T00:00:00", + "ID": "CVE-2017-3892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QNX Software Development Platform (QNX SDP)", + "version": { + "version_data": [ + { + "version_value": "6.6.0" + } + ] + } + } + ] + }, + "vendor_name": "BlackBerry" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In BlackBerry QNX Software Development Platform (SDP) 
6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7277.json b/2017/7xxx/CVE-2017-7277.json index 6213b65daae..0a0ab75f223 100644 --- a/2017/7xxx/CVE-2017-7277.json +++ b/2017/7xxx/CVE-2017-7277.json 
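Review bot: The rewritten file ends without a trailing newline: `\ No newline at end of file` follows the closing `+}`, while the removed `-}` carried no such marker. The same is true of every other file section on this page. As far as the visible lines show, the record is being rewritten only to change the key separator from `" : "` to `": "`, so the serializer could emit a final `\n` in the same pass and avoid a second full-file churn later. Line-oriented tooling (concatenation, `wc -l`, some diff and signing pipelines) treats a file without a final newline as having an incomplete last line.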
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://lkml.org/lkml/2017/3/15/485", - "refsource" : "MISC", - "url" : "https://lkml.org/lkml/2017/3/15/485" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc", - "refsource" : "CONFIRM", - "url" : 
"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc" - }, - { - "name" : "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a" - }, - { - "name" : "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/740636/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/740636/" - }, - { - "name" : "https://patchwork.ozlabs.org/patch/740639/", - "refsource" : "CONFIRM", - "url" : "https://patchwork.ozlabs.org/patch/740639/" - }, - { - "name" : "97141", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97141" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchwork.ozlabs.org/patch/740636/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/740636/" + }, + { + "name": "https://lkml.org/lkml/2017/3/15/485", + "refsource": "MISC", + "url": "https://lkml.org/lkml/2017/3/15/485" + }, + { + "name": "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc" + }, + { + "name": "https://patchwork.ozlabs.org/patch/740639/", + "refsource": "CONFIRM", + "url": "https://patchwork.ozlabs.org/patch/740639/" + }, + { + "name": "97141", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97141" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a" + }, + { + "name": "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8197.json b/2017/8xxx/CVE-2017-8197.json index 1c7936e3a88..99e64799cba 100644 --- a/2017/8xxx/CVE-2017-8197.json +++ b/2017/8xxx/CVE-2017-8197.json 
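Review bot: The eight `reference_data` entries come back in a different order with none added, removed or edited, so this section mixes a separator change with an order shuffle that has to be verified entry by entry. For a vulnerability feed that downstream users audit by diff, the writer should emit references in a stable order (for example sorted by `url`), so that a real change to a CONFIRM or patch link is not buried in noise. The same reordering without content change appears in the CVE-2017-8724, CVE-2018-10536 and CVE-2018-10590 sections.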
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00SPC102(NFV)" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere", + "version": { + "version_data": [ + { + "version_value": "V100R006C00SPC102(NFV)" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8383.json b/2017/8xxx/CVE-2017-8383.json index d8673a2538a..db9715ad00b 100644 --- a/2017/8xxx/CVE-2017-8383.json +++ b/2017/8xxx/CVE-2017-8383.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://craftcms.com/changelog#2-6-2976", - "refsource" : "CONFIRM", - "url" : "https://craftcms.com/changelog#2-6-2976" - }, - { - "name" : "https://twitter.com/CraftCMS/status/857743080224473088", - "refsource" : "CONFIRM", - "url" : "https://twitter.com/CraftCMS/status/857743080224473088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://craftcms.com/changelog#2-6-2976", + "refsource": "CONFIRM", + "url": "https://craftcms.com/changelog#2-6-2976" + }, + { + "name": "https://twitter.com/CraftCMS/status/857743080224473088", + "refsource": "CONFIRM", + "url": "https://twitter.com/CraftCMS/status/857743080224473088" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8526.json b/2017/8xxx/CVE-2017-8526.json index d05d697f5ce..5a1d3cb3466 100644 --- a/2017/8xxx/CVE-2017-8526.json +++ b/2017/8xxx/CVE-2017-8526.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8526", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8526", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8724.json b/2017/8xxx/CVE-2017-8724.json index 6ee268460fb..229d7efec2f 100644 --- a/2017/8xxx/CVE-2017-8724.json +++ b/2017/8xxx/CVE-2017-8724.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Version 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8735." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Version 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724" - }, - { - "name" : "100777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100777" - }, - { - "name" : "1039326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039326" - 
} - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8735." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039326" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724" + }, + { + "name": "100777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100777" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8999.json b/2017/8xxx/CVE-2017-8999.json index befe19e4cef..1ea103d5faa 100644 --- a/2017/8xxx/CVE-2017-8999.json +++ b/2017/8xxx/CVE-2017-8999.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10536.json b/2018/10xxx/CVE-2018-10536.json index 91e41f460be..7d5890188df 100644 --- a/2018/10xxx/CVE-2018-10536.json +++ b/2018/10xxx/CVE-2018-10536.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10536", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10536", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15" - }, - { - "name" : "https://github.com/dbry/WavPack/issues/30", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/issues/30" - }, - { - "name" : "https://github.com/dbry/WavPack/issues/31", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/issues/31" - }, - { - "name" : "https://github.com/dbry/WavPack/issues/32", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/issues/32" - }, - { - "name" : "DSA-4197", - "refsource" : "DEBIAN", - "url" : 
"https://www.debian.org/security/2018/dsa-4197" - }, - { - "name" : "USN-3637-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3637-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dbry/WavPack/issues/32", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/issues/32" + }, + { + "name": "DSA-4197", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4197" + }, + { + "name": "https://github.com/dbry/WavPack/issues/31", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/issues/31" + }, + { + "name": "USN-3637-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3637-1/" + }, + { + "name": "https://github.com/dbry/WavPack/issues/30", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/issues/30" + }, + { + "name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10590.json b/2018/10xxx/CVE-2018-10590.json index fa661586dcf..56f89f4a952 100644 --- a/2018/10xxx/CVE-2018-10590.json +++ b/2018/10xxx/CVE-2018-10590.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-15T00:00:00", - "ID" : "CVE-2018-10590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-15T00:00:00", + "ID": "CVE-2018-10590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" - }, - { - "name" : "104190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104190" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10619.json b/2018/10xxx/CVE-2018-10619.json index c8b074c5f0f..e33e51a9b2f 100644 --- a/2018/10xxx/CVE-2018-10619.json +++ b/2018/10xxx/CVE-2018-10619.json 
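Review bot: The single `version_value` string packs five product/version ranges into one sentence, so a scanner cannot compare an installed version against it. Splitting it into one `product_data` entry per product named in the string (WebAccess, WebAccess Dashboard, WebAccess Scada Node, WebAccess/NMS), each with its own `version_value`, would make the record machine-matchable. The free text also mixes inclusive bounds ("and prior") with an exclusive one ("prior to 8.3.1"), a distinction that is easy to lose when the string is parsed by hand. The CVE-2018-10619 section has the same shape.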
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-06-07T00:00:00", - "ID" : "CVE-2018-10619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "UNQUOTED SEARCH PATH OR ELEMENT CWE-428" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-06-07T00:00:00", + "ID": "CVE-2018-10619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway", + "version": { + "version_data": [ + { + "version_value": "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44892", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44892/" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01" - }, - { - "name" : "104415", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104415" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44892", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44892/" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01" + }, + { + "name": "104415", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104415" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10715.json b/2018/10xxx/CVE-2018-10715.json index 0eace834705..72f99e9747a 100644 --- a/2018/10xxx/CVE-2018-10715.json +++ b/2018/10xxx/CVE-2018-10715.json 
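Review bot: `"vendor_name": "ICS-CERT"` appears to name the coordinating body (the ASSIGNER is `ics-cert@hq.dhs.gov`) rather than the vendor of the affected software, which `product_name` and the description identify as Rockwell Automation. Asset-inventory matching keyed on vendor would miss this record. The new side should probably read `"vendor_name": "Rockwell Automation"`, with `product_name` carrying only the product names, RSLinx Classic and FactoryTalk Linx Gateway. This is carried over unchanged from the old side, so it is a record-quality fix to make alongside the reformat rather than a regression introduced here.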
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10715", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10715", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12563.json b/2018/12xxx/CVE-2018-12563.json index a66bfcd3055..c5b87efe7fa 100644 --- a/2018/12xxx/CVE-2018-12563.json +++ b/2018/12xxx/CVE-2018-12563.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214", - "refsource" : "CONFIRM", - "url" : "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214", + "refsource": "CONFIRM", + "url": "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13000.json b/2018/13xxx/CVE-2018-13000.json index 38313653929..821bf2adc3d 100644 --- a/2018/13xxx/CVE-2018-13000.json +++ b/2018/13xxx/CVE-2018-13000.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vulnerability-lab.com/get_content.php?id=2123", - "refsource" : "MISC", - "url" : "https://www.vulnerability-lab.com/get_content.php?id=2123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vulnerability-lab.com/get_content.php?id=2123", + "refsource": "MISC", + "url": "https://www.vulnerability-lab.com/get_content.php?id=2123" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13022.json b/2018/13xxx/CVE-2018-13022.json index 848bc3ff4ff..b85fa40bcb5 100644 --- a/2018/13xxx/CVE-2018-13022.json 
+++ b/2018/13xxx/CVE-2018-13022.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13022", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13022", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838", - "refsource" : "MISC", - "url" : "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838", + "refsource": "MISC", + "url": "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13461.json b/2018/13xxx/CVE-2018-13461.json index 67ec90ed21f..23d7b25b243 100644 --- a/2018/13xxx/CVE-2018-13461.json +++ b/2018/13xxx/CVE-2018-13461.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13461", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13461", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13652.json b/2018/13xxx/CVE-2018-13652.json index 46821b8bcd9..de5044a2ff9 100644 --- a/2018/13xxx/CVE-2018-13652.json +++ b/2018/13xxx/CVE-2018-13652.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum 
token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13723.json b/2018/13xxx/CVE-2018-13723.json index eeec7d5fb2d..eb1e968a1e0 100644 --- a/2018/13xxx/CVE-2018-13723.json +++ b/2018/13xxx/CVE-2018-13723.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13723", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13723", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SERVVIZIOToken, an 
Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13859.json b/2018/13xxx/CVE-2018-13859.json index b3112ee5815..10fded28666 100644 --- a/2018/13xxx/CVE-2018-13859.json +++ b/2018/13xxx/CVE-2018-13859.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13859", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45088", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45088/" - }, - { - "name" : "https://vulncode.com/advisory/CVE-2018-13859", - "refsource" : "MISC", - "url" : "https://vulncode.com/advisory/CVE-2018-13859" - }, - { - "name" : "http://update.trivum.com/update/v9-changes.html", - "refsource" : "CONFIRM", - "url" : "http://update.trivum.com/update/v9-changes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://update.trivum.com/update/v9-changes.html", + "refsource": "CONFIRM", + "url": "http://update.trivum.com/update/v9-changes.html" + }, + { + "name": "https://vulncode.com/advisory/CVE-2018-13859", + "refsource": "MISC", + "url": "https://vulncode.com/advisory/CVE-2018-13859" + }, + { + "name": "45088", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45088/" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17280.json b/2018/17xxx/CVE-2018-17280.json index 21507e3e218..c36de851a1d 100644 --- a/2018/17xxx/CVE-2018-17280.json +++ b/2018/17xxx/CVE-2018-17280.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17280", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17280", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17416.json b/2018/17xxx/CVE-2018-17416.json index 515ad2126f5..776abe04946 100644 --- a/2018/17xxx/CVE-2018-17416.json +++ b/2018/17xxx/CVE-2018-17416.json 
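Review bot: The new side of the CVE-2018-17280 record changes key order rather than only spacing, unlike the other records visible in this diff: `"data_type"`, `"data_format"` and `"data_version"` now come before `"CVE_data_meta"`, and `"ID"` comes before `"ASSIGNER"` inside it. The other records keep `"CVE_data_meta"` first, with `"ASSIGNER"`, `"ID"`, `"STATE"` in that order. Key order has no meaning in JSON, but any consumer that diffs or hashes the raw record text will register a change where the content is identical, so this record should presumably be written with the same sorted key order as the rest. The new side also ends with `\ No newline at end of file`, as the other records here do; keeping the trailing newline would avoid that churn as well.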
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md", - "refsource" : "MISC", - "url" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md", + "refsource": "MISC", + "url": "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17527.json b/2018/17xxx/CVE-2018-17527.json index d4eed816857..d76991bd2c9 100644 --- a/2018/17xxx/CVE-2018-17527.json +++ b/2018/17xxx/CVE-2018-17527.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17527", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17527", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17913.json b/2018/17xxx/CVE-2018-17913.json index d3a7797cded..8cc739d10ff 100644 --- a/2018/17xxx/CVE-2018-17913.json +++ b/2018/17xxx/CVE-2018-17913.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-17T00:00:00", - "ID" : "CVE-2018-17913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CX-Supervisor", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 3.4.1.0 and prior." - } - ] - } - } - ] - }, - "vendor_name" : "Omron" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INCORRECT TYPE VERSION OR CAST CWE-704" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-17T00:00:00", + "ID": "CVE-2018-17913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CX-Supervisor", + "version": { + "version_data": [ + { + "version_value": "Versions 3.4.1.0 and prior." 
+ } + ] + } + } + ] + }, + "vendor_name": "Omron" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01" - }, - { - "name" : "105691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INCORRECT TYPE VERSION OR CAST CWE-704" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01" + }, + { + "name": "105691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105691" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9661.json b/2018/9xxx/CVE-2018-9661.json index 6a7d52a0ba5..fd6796ebed7 100644 --- a/2018/9xxx/CVE-2018-9661.json +++ b/2018/9xxx/CVE-2018-9661.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9661", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9661", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file