From e2afc461cc672669df80b4a29783a9837eaadfe3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 05:06:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/1xxx/CVE-2003-1273.json | 140 ++++++------- 2003/1xxx/CVE-2003-1310.json | 160 +++++++------- 2003/1xxx/CVE-2003-1396.json | 140 ++++++------- 2004/0xxx/CVE-2004-0053.json | 140 ++++++------- 2004/0xxx/CVE-2004-0067.json | 370 ++++++++++++++++----------------- 2004/0xxx/CVE-2004-0538.json | 120 +++++------ 2004/0xxx/CVE-2004-0626.json | 170 +++++++-------- 2004/1xxx/CVE-2004-1130.json | 150 ++++++------- 2004/1xxx/CVE-2004-1150.json | 170 +++++++-------- 2004/1xxx/CVE-2004-1945.json | 180 ++++++++-------- 2004/2xxx/CVE-2004-2077.json | 170 +++++++-------- 2004/2xxx/CVE-2004-2291.json | 130 ++++++------ 2004/2xxx/CVE-2004-2677.json | 190 ++++++++--------- 2008/2xxx/CVE-2008-2485.json | 160 +++++++------- 2008/2xxx/CVE-2008-2593.json | 190 ++++++++--------- 2008/2xxx/CVE-2008-2824.json | 170 +++++++-------- 2008/6xxx/CVE-2008-6031.json | 130 ++++++------ 2008/6xxx/CVE-2008-6036.json | 160 +++++++------- 2008/6xxx/CVE-2008-6389.json | 140 ++++++------- 2008/6xxx/CVE-2008-6638.json | 150 ++++++------- 2008/7xxx/CVE-2008-7212.json | 190 ++++++++--------- 2012/5xxx/CVE-2012-5377.json | 130 ++++++------ 2012/5xxx/CVE-2012-5778.json | 34 +-- 2017/11xxx/CVE-2017-11397.json | 130 ++++++------ 2017/11xxx/CVE-2017-11426.json | 34 +-- 2017/15xxx/CVE-2017-15211.json | 150 ++++++------- 2017/15xxx/CVE-2017-15844.json | 130 ++++++------ 2017/3xxx/CVE-2017-3388.json | 166 +++++++-------- 2017/3xxx/CVE-2017-3434.json | 148 ++++++------- 2017/3xxx/CVE-2017-3796.json | 140 ++++++------- 2017/8xxx/CVE-2017-8226.json | 34 +-- 2017/8xxx/CVE-2017-8315.json | 132 ++++++------ 2017/8xxx/CVE-2017-8320.json | 34 +-- 2017/8xxx/CVE-2017-8433.json | 34 +-- 2017/8xxx/CVE-2017-8450.json | 120 +++++------ 2017/8xxx/CVE-2017-8638.json | 142 ++++++------- 2018/12xxx/CVE-2018-12243.json | 132 ++++++------ 2018/12xxx/CVE-2018-12285.json | 34 +-- 2018/12xxx/CVE-2018-12796.json | 140 ++++++------- 2018/13xxx/CVE-2018-13008.json | 120 +++++------ 2018/16xxx/CVE-2018-16158.json | 130 ++++++------ 2018/16xxx/CVE-2018-16306.json | 34 +-- 2018/16xxx/CVE-2018-16726.json | 120 +++++------ 2018/16xxx/CVE-2018-16736.json | 140 ++++++------- 2018/16xxx/CVE-2018-16952.json | 130 ++++++------ 2018/17xxx/CVE-2018-17211.json | 34 +-- 2018/17xxx/CVE-2018-17798.json | 120 +++++------ 2018/17xxx/CVE-2018-17804.json | 34 +-- 2019/5xxx/CVE-2019-5414.json | 56 ++++- 49 files changed, 3172 insertions(+), 3130 deletions(-) diff --git a/2003/1xxx/CVE-2003-1273.json b/2003/1xxx/CVE-2003-1273.json index a1bb7f1aac6..a5a1c1e25e0 100644 --- a/2003/1xxx/CVE-2003-1273.json +++ b/2003/1xxx/CVE-2003-1273.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030104 WinAmp v.3.0: buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html" - }, - { - "name" : "6517", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6517" - }, - { - "name" : "winamp-b4s-playlistname-dos(10982)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030104 WinAmp v.3.0: buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html" + }, + { + "name": "winamp-b4s-playlistname-dos(10982)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982" + }, + { + "name": "6517", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6517" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1310.json b/2003/1xxx/CVE-2003-1310.json index b0d687b2d00..b0d9e3be1bc 100644 --- a/2003/1xxx/CVE-2003-1310.json +++ b/2003/1xxx/CVE-2003-1310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka \"Device Driver Attack\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sec-labs.hack.pl/papers/win32ddc.php", - "refsource" : "MISC", - "url" : "http://sec-labs.hack.pl/papers/win32ddc.php" - }, - { - "name" : "8329", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8329" - }, - { - "name" : "4362", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4362" - }, - { - "name" : "9460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9460" - }, - { - "name" : "device-driver-gain-privileges(12824)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka \"Device Driver Attack\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4362", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4362" + }, + { + "name": "device-driver-gain-privileges(12824)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824" + }, + { + "name": "http://sec-labs.hack.pl/papers/win32ddc.php", + "refsource": "MISC", + "url": "http://sec-labs.hack.pl/papers/win32ddc.php" + }, + { + "name": "8329", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8329" + }, + { + "name": "9460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9460" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1396.json b/2003/1xxx/CVE-2003-1396.json index 63e591cfa72..e086a3b12cc 100644 --- a/2003/1xxx/CVE-2003-1396.json +++ b/2003/1xxx/CVE-2003-1396.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html" - }, - { - "name" : "7450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7450" - }, - { - "name" : "opera-file-extension-bo(11894)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11894" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html" + }, + { + "name": "7450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7450" + }, + { + "name": "opera-file-extension-bo(11894)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11894" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0053.json b/2004/0xxx/CVE-2004-0053.json index b9bf023557d..fef9a3aa2a9 100644 --- a/2004/0xxx/CVE-2004-0053.json +++ b/2004/0xxx/CVE-2004-0053.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0053", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109520704408739&w=2" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" - }, - { - "name" : "mime-rfc2047-filtering-bypass(17331)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17331" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" + }, + { + "name": "mime-rfc2047-filtering-bypass(17331)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17331" + }, + { + "name": "20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109520704408739&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0067.json b/2004/0xxx/CVE-2004-0067.json index dae2a5979e1..e9440dea67b 100644 --- a/2004/0xxx/CVE-2004-0067.json +++ b/2004/0xxx/CVE-2004-0067.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040112 More phpGedView Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107394912715478&w=2" - }, - { - "name" : "20070827 PhpGedView login page multiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/477881/100/0/threaded" - }, - { - "name" : "11868", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11868" - }, - { - "name" : "11880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11880" - }, - { - "name" : "11882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11882" - }, - { - "name" : "11888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11888" - }, - { - "name" : "11890", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11890" - }, - { - "name" : "11891", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11891" - }, - { - "name" : "11894", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11894" - }, - { - "name" : "11903", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11903" - }, - { - "name" : "11904", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11904" - }, - { - "name" : "11905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11905" - }, - { - "name" : "11906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11906" - }, - { - "name" : "11907", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11907" - }, - { - "name" : "ADV-2007-2995", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/2995" - }, - { - "name" : "3473", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3473" - }, - { - "name" : "3474", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3474" - }, - { - "name" : "3475", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3475" - }, - { - "name" : "3476", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3476" - }, - { - "name" : "3477", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3477" - }, - { - "name" : "3478", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3478" - }, - { - "name" : "3479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3479" - }, - { - "name" : "1018613", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1018613" - }, - { - "name" : "26628", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/26628" - }, - { - "name" : "phpgedview-login-xss(36285)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36285" - }, - { - "name" : "phpgedview-multiple-xss(14212)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11891", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11891" + }, + { + "name": "3473", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3473" + }, + { + "name": "26628", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/26628" + }, + { + "name": "3478", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3478" + }, + { + "name": "phpgedview-multiple-xss(14212)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14212" + }, + { + "name": "11904", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11904" + }, + { + "name": "ADV-2007-2995", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/2995" + }, + { + "name": "phpgedview-login-xss(36285)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36285" + }, + { + "name": "11903", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11903" + }, + { + "name": "1018613", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1018613" + }, + { + "name": "11888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11888" + }, + { + "name": "3476", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3476" + }, + { + "name": "11905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11905" + }, + { + "name": "3475", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3475" + }, + { + "name": "3477", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3477" + }, + { + "name": "11907", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11907" + }, + { + "name": "3479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3479" + }, + { + "name": "11882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11882" + }, + { + "name": "11906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11906" + }, + { + "name": "11880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11880" + }, + { + "name": "3474", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3474" + }, + { + "name": "11890", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11890" + }, + { + "name": "11894", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11894" + }, + { + "name": "20040112 More phpGedView Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107394912715478&w=2" + }, + { + "name": "11868", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11868" + }, + { + "name": "20070827 PhpGedView login page multiple XSS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/477881/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0538.json b/2004/0xxx/CVE-2004-0538.json index b05d69c85ec..a1ea48c0323 100644 --- a/2004/0xxx/CVE-2004-0538.json +++ b/2004/0xxx/CVE-2004-0538.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2004-06-07", - "refsource" : "APPLE", - "url" : "http://docs.info.apple.com/article.html?artnum=25785" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-06-07", + "refsource": "APPLE", + "url": "http://docs.info.apple.com/article.html?artnum=25785" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0626.json b/2004/0xxx/CVE-2004-0626.json index 4784bf7ca10..78432688344 100644 --- a/2004/0xxx/CVE-2004-0626.json +++ b/2004/0xxx/CVE-2004-0626.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040630 Remote DoS vulnerability in Linux kernel 2.6.x", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108861141304495&w=2" - }, - { - "name" : "CLA-2004:852", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" - }, - { - "name" : "FEDORA-2004-202", - "refsource" : "FEDORA", - "url" : "http://lwn.net/Articles/91964/" - }, - { - "name" : "GLSA-200407-12", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml" - }, - { - "name" : "SUSE-SA:2004:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_20_kernel.html" - }, - { - "name" : "linux-tcpfindoption-dos(16554)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16554" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2004-202", + "refsource": "FEDORA", + "url": "http://lwn.net/Articles/91964/" + }, + { + "name": "GLSA-200407-12", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-12.xml" + }, + { + "name": "20040630 Remote DoS vulnerability in Linux kernel 2.6.x", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108861141304495&w=2" + }, + { + "name": "linux-tcpfindoption-dos(16554)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16554" + }, + { + "name": "CLA-2004:852", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" + }, + { + "name": "SUSE-SA:2004:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_20_kernel.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1130.json b/2004/1xxx/CVE-2004-1130.json index 21cf0c0d409..71090b3a1f6 100644 --- a/2004/1xxx/CVE-2004-1130.json +++ b/2004/1xxx/CVE-2004-1130.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110137313329955&w=2" - }, - { - "name" : "http://www.security.org.sg/vuln/cmailserver52.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/cmailserver52.html" - }, - { - "name" : "11742", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11742" - }, - { - "name" : "cmailserver-adminasp-xss(18280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041124 [SIG^2 G-TEC] CMailServer WebMail v5.2 Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110137313329955&w=2" + }, + { + "name": "11742", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11742" + }, + { + "name": "http://www.security.org.sg/vuln/cmailserver52.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/cmailserver52.html" + }, + { + "name": "cmailserver-adminasp-xss(18280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18280" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1150.json b/2004/1xxx/CVE-2004-1150.json index 0936032101d..ccb60f782c6 100644 --- a/2004/1xxx/CVE-2004-1150.json +++ b/2004/1xxx/CVE-2004-1150.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110684140108614&w=2" - }, - { - "name" : "http://www.nsfocus.com/english/homepage/research/0501.htm", - "refsource" : "MISC", - "url" : "http://www.nsfocus.com/english/homepage/research/0501.htm" - }, - { - "name" : "http://www.winamp.com/player/version_history.php", - "refsource" : "CONFIRM", - "url" : "http://www.winamp.com/player/version_history.php" - }, - { - "name" : "12381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12381" - }, - { - "name" : "13781", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13781" - }, - { - "name" : "winamp-incdda-bo(18840)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "winamp-incdda-bo(18840)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18840" + }, + { + "name": "12381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12381" + }, + { + "name": "13781", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13781" + }, + { + "name": "20050127 NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110684140108614&w=2" + }, + { + "name": "http://www.nsfocus.com/english/homepage/research/0501.htm", + "refsource": "MISC", + "url": "http://www.nsfocus.com/english/homepage/research/0501.htm" + }, + { + "name": "http://www.winamp.com/player/version_history.php", + "refsource": "CONFIRM", + "url": "http://www.winamp.com/player/version_history.php" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1945.json b/2004/1xxx/CVE-2004-1945.json index 59ee4a340fa..567140883af 100644 --- a/2004/1xxx/CVE-2004-1945.json +++ b/2004/1xxx/CVE-2004-1945.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040419 Exchange pop3 remote exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108247921402458&w=2" - }, - { - "name" : "20040527 Re: Exchange pop3 remote exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108568462428096&w=2" - }, - { - "name" : "10180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10180" - }, - { - "name" : "5593", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5593" - }, - { - "name" : "1009882", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009882" - }, - { - "name" : "11449", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11449" - }, - { - "name" : "exchange-pop3-smtp-bo(15922)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15922" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5593", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5593" + }, + { + "name": "20040527 Re: Exchange pop3 remote exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108568462428096&w=2" + }, + { + "name": "10180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10180" + }, + { + "name": "20040419 Exchange pop3 remote exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108247921402458&w=2" + }, + { + "name": "1009882", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009882" + }, + { + "name": "11449", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11449" + }, + { + "name": "exchange-pop3-smtp-bo(15922)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15922" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2077.json b/2004/2xxx/CVE-2004-2077.json index 4affdc6f4b9..45b61ad00db 100644 --- a/2004/2xxx/CVE-2004-2077.json +++ b/2004/2xxx/CVE-2004-2077.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040208 TrackMania Demo Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/353182" - }, - { - "name" : "20040209 Re: TrackMania Demo Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/353226" - }, - { - "name" : "20040208 TrackMania Demo Denial of Service", - "refsource" : "FULLDISC", - "url" : "http://lists.netsys.com/pipermail/full-disclosure/2004-February/016906.html" - }, - { - "name" : "http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml", - "refsource" : "MISC", - "url" : "http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml" - }, - { - "name" : "9604", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9604" - }, - { - "name" : "trackmania-dos(15081)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15081" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml", + "refsource": "MISC", + "url": "http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml" + }, + { + "name": "9604", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9604" + }, + { + "name": "20040208 TrackMania Demo Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/353182" + }, + { + "name": "trackmania-dos(15081)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15081" + }, + { + "name": "20040209 Re: TrackMania Demo Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/353226" + }, + { + "name": "20040208 TrackMania Demo Denial of Service", + "refsource": "FULLDISC", + "url": "http://lists.netsys.com/pipermail/full-disclosure/2004-February/016906.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2291.json b/2004/2xxx/CVE-2004-2291.json index e88c7543cab..58b49d2c5bf 100644 --- a/2004/2xxx/CVE-2004-2291.json +++ b/2004/2xxx/CVE-2004-2291.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348688" - }, - { - "name" : "9335", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9335" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9335", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9335" + }, + { + "name": "20040101 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348688" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2677.json b/2004/2xxx/CVE-2004-2677.json index 0996bb0a520..88ac7228ed2 100644 --- a/2004/2xxx/CVE-2004-2677.json +++ b/2004/2xxx/CVE-2004-2677.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20070218 qwik-smtpd format string", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/460600/100/0/threaded" - }, - { - "name" : "http://unl0ck.info/advisories/qwik-smtpd.txt", - "refsource" : "MISC", - "url" : "http://unl0ck.info/advisories/qwik-smtpd.txt" - }, - { - "name" : "http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch", - "refsource" : "CONFIRM", - "url" : "http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch" - }, - { - "name" : "11572", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11572" - }, - { - "name" : "ADV-2007-0687", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2007/0687" - }, - { - "name" : "1012016", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012016" - }, - { - "name" : "13037", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13037" - }, - { - "name" : "qwik-smtpd-format-string(17917)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11572", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11572" + }, + { + "name": "1012016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012016" + }, + { + "name": "http://unl0ck.info/advisories/qwik-smtpd.txt", + "refsource": "MISC", + "url": "http://unl0ck.info/advisories/qwik-smtpd.txt" + }, + { + "name": "13037", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13037" + }, + { + "name": "qwik-smtpd-format-string(17917)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17917" + }, + { + "name": "ADV-2007-0687", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2007/0687" + }, + { + "name": "http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch", + "refsource": "CONFIRM", + "url": "http://qwikmail.sourceforge.net/smtpd/qwik-smtpd-0.3.patch" + }, + { + "name": "20070218 qwik-smtpd format string", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/460600/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2485.json b/2008/2xxx/CVE-2008-2485.json index 8b95b67715c..d90a424236e 100644 --- a/2008/2xxx/CVE-2008-2485.json +++ b/2008/2xxx/CVE-2008-2485.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2485", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2485", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080524 PCPIN Chat 6: potential XSS vulnerability in URL redirection script", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492563/100/0/threaded" - }, - { - "name" : "http://community.pcpin.com/?include=700&thread_id=6918", - "refsource" : "CONFIRM", - "url" : "http://community.pcpin.com/?include=700&thread_id=6918" - }, - { - "name" : "29363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29363" - }, - { - "name" : "30371", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30371" - }, - { - "name" : "pcpinchat-urlredirection-xss(42627)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the URL redirection script (inc/url_redirection.inc.php) in PCPIN Chat before 6.11 allows remote attackers to inject arbitrary web script or HTML via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30371", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30371" + }, + { + "name": "pcpinchat-urlredirection-xss(42627)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42627" + }, + { + "name": "29363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29363" + }, + { + "name": "20080524 PCPIN Chat 6: potential XSS vulnerability in URL redirection script", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492563/100/0/threaded" + }, + { + "name": "http://community.pcpin.com/?include=700&thread_id=6918", + "refsource": "CONFIRM", + "url": "http://community.pcpin.com/?include=700&thread_id=6918" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2593.json b/2008/2xxx/CVE-2008-2593.json index d42da9b0f4f..215e31d9c32 100644 --- a/2008/2xxx/CVE-2008-2593.json +++ b/2008/2xxx/CVE-2008-2593.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2593", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2593", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020494", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020494" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "1020494", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020494" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2824.json b/2008/2xxx/CVE-2008-2824.json index 6610020e1b2..ad02f19383f 100644 --- a/2008/2xxx/CVE-2008-2824.json +++ b/2008/2xxx/CVE-2008-2824.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2824", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2824", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_006.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_006.pdf" - }, - { - "name" : "29691", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29691" - }, - { - "name" : "ADV-2008-1831", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1831/references" - }, - { - "name" : "1020281", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020281" - }, - { - "name" : "30670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30670" - }, - { - "name" : "workcentre-webservices-security-bypass(43059)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Extensible Interface Platform in Web Services in Xerox WorkCentre 7655, 7665, and 7675 allows remote attackers to make configuration changes via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30670" + }, + { + "name": "workcentre-webservices-security-bypass(43059)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43059" + }, + { + "name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_006.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX08_006.pdf" + }, + { + "name": "29691", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29691" + }, + { + "name": "ADV-2008-1831", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1831/references" + }, + { + "name": "1020281", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020281" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6031.json b/2008/6xxx/CVE-2008-6031.json index 63576cd80b3..2bd58282215 100644 --- a/2008/6xxx/CVE-2008-6031.json +++ b/2008/6xxx/CVE-2008-6031.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6524", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6524" - }, - { - "name" : "31305", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6524", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6524" + }, + { + "name": "31305", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31305" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6036.json b/2008/6xxx/CVE-2008-6036.json index 83febf1b969..90ad8868edf 100644 --- a/2008/6xxx/CVE-2008-6036.json +++ b/2008/6xxx/CVE-2008-6036.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6533", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6533" - }, - { - "name" : "31330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31330" - }, - { - "name" : "31947", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31947" - }, - { - "name" : "ADV-2008-2653", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2653" - }, - { - "name" : "basebuilder-maininc-file-include(45337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45337" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31330" + }, + { + "name": "ADV-2008-2653", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2653" + }, + { + "name": "31947", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31947" + }, + { + "name": "basebuilder-maininc-file-include(45337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45337" + }, + { + "name": "6533", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6533" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6389.json b/2008/6xxx/CVE-2008-6389.json index 9a680f09be4..4b9636196fc 100644 --- a/2008/6xxx/CVE-2008-6389.json +++ b/2008/6xxx/CVE-2008-6389.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7333", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7333" - }, - { - "name" : "32616", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32616" - }, - { - "name" : "32988", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32988" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32616", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32616" + }, + { + "name": "7333", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7333" + }, + { + "name": "32988", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32988" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6638.json b/2008/6xxx/CVE-2008-6638.json index f9f304dd0ad..b63bdd33f41 100644 --- a/2008/6xxx/CVE-2008-6638.json +++ b/2008/6xxx/CVE-2008-6638.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote attackers to delete arbitrary files via the RemoveFileOrDir method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5569", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5569" - }, - { - "name" : "5272", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5272" - }, - { - "name" : "28301", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28301" - }, - { - "name" : "httpfileupload-activex-file-delete(41258)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insecure method vulnerability in the Versalsoft HTTP Image Uploader ActiveX control (UUploaderSvrD.dll 6.0.0.35) allows remote attackers to delete arbitrary files via the RemoveFileOrDir method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5569", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5569" + }, + { + "name": "5272", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5272" + }, + { + "name": "28301", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28301" + }, + { + "name": "httpfileupload-activex-file-delete(41258)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41258" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7212.json b/2008/7xxx/CVE-2008-7212.json index 4cbbe5edd65..f108abd8216 100644 --- a/2008/7xxx/CVE-2008-7212.json +++ b/2008/7xxx/CVE-2008-7212.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/487128/100/200/threaded" - }, - { - "name" : "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" - }, - { - "name" : "http://www.bugreport.ir/index_33.htm", - "refsource" : "MISC", - "url" : "http://www.bugreport.ir/index_33.htm" - }, - { - "name" : "http://forum.mambo-foundation.org/showthread.php?t=10158", - "refsource" : "CONFIRM", - "url" : "http://forum.mambo-foundation.org/showthread.php?t=10158" - }, - { - "name" : "42529", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/42529" - }, - { - "name" : "28670", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/28670" - }, - { - "name" : "ADV-2008-0325", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/0325" - }, - { - "name" : "mambo-mostlyce-connector-path-disclosure(39983)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-0325", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/0325" + }, + { + "name": "mambo-mostlyce-connector-path-disclosure(39983)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39983" + }, + { + "name": "20080227 Re: Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html" + }, + { + "name": "28670", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/28670" + }, + { + "name": "http://forum.mambo-foundation.org/showthread.php?t=10158", + "refsource": "CONFIRM", + "url": "http://forum.mambo-foundation.org/showthread.php?t=10158" + }, + { + "name": "20080128 Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/487128/100/200/threaded" + }, + { + "name": "http://www.bugreport.ir/index_33.htm", + "refsource": "MISC", + "url": "http://www.bugreport.ir/index_33.htm" + }, + { + "name": "42529", + "refsource": "OSVDB", + "url": "http://osvdb.org/42529" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5377.json b/2012/5xxx/CVE-2012-5377.json index ed4c70d193c..16a9435add8 100644 --- a/2012/5xxx/CVE-2012-5377.json +++ b/2012/5xxx/CVE-2012-5377.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23108", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23108" - }, - { - "name" : "86177", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\\Perl\\Site\\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "86177", + "refsource": "OSVDB", + "url": "http://osvdb.org/86177" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23108", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23108" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5778.json b/2012/5xxx/CVE-2012-5778.json index 84d93d9c121..6484084e538 100644 --- a/2012/5xxx/CVE-2012-5778.json +++ b/2012/5xxx/CVE-2012-5778.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5778", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5778", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11397.json b/2017/11xxx/CVE-2017-11397.json index 3a5b62f8178..2488452ea2b 100644 --- a/2017/11xxx/CVE-2017-11397.json +++ b/2017/11xxx/CVE-2017-11397.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2017-11397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Encryption for Email", - "version" : { - "version_data" : [ - { - "version_value" : "5.6" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OTHER - DLL Preloacding vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2017-11397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Encryption for Email", + "version": { + "version_data": [ + { + "version_value": "5.6" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/zeroday/FG-VD-17-079", - "refsource" : "MISC", - "url" : "https://fortiguard.com/zeroday/FG-VD-17-079" - }, - { - "name" : "https://success.trendmicro.com/solution/1118796", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1118796" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A service DLL preloading vulnerability in Trend Micro Encryption for Email versions 5.6 and below could allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OTHER - DLL Preloacding vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1118796", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1118796" + }, + { + "name": "https://fortiguard.com/zeroday/FG-VD-17-079", + "refsource": "MISC", + "url": "https://fortiguard.com/zeroday/FG-VD-17-079" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11426.json b/2017/11xxx/CVE-2017-11426.json index f47c83f0aa6..e7c0ce1bc42 100644 --- a/2017/11xxx/CVE-2017-11426.json +++ b/2017/11xxx/CVE-2017-11426.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11426", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11426", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15211.json b/2017/15xxx/CVE-2017-15211.json index 4b63a16d90b..0a0bc774505 100644 --- a/2017/15xxx/CVE-2017-15211.json +++ b/2017/15xxx/CVE-2017-15211.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/10/04/9", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/10/04/9" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" - }, - { - "name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", - "refsource" : "MISC", - "url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" - }, - { - "name" : "https://kanboard.net/news/version-1.0.47", - "refsource" : "MISC", - "url" : "https://kanboard.net/news/version-1.0.47" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/10/04/9", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/10/04/9" + }, + { + "name": "https://kanboard.net/news/version-1.0.47", + "refsource": "MISC", + "url": "https://kanboard.net/news/version-1.0.47" + }, + { + "name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", + "refsource": "MISC", + "url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15844.json b/2017/15xxx/CVE-2017-15844.json index 608974856bc..f5bdf30c1a8 100644 --- a/2017/15xxx/CVE-2017-15844.json +++ b/2017/15xxx/CVE-2017-15844.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-15844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Over-read in Boot" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-15844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=19622514c69e798d91e7908090b3d79dfdb14715", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=19622514c69e798d91e7908090b3d79dfdb14715" - }, - { - "name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", - "refsource" : "CONFIRM", - "url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=19622514c69e798d91e7908090b3d79dfdb14715", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=19622514c69e798d91e7908090b3d79dfdb14715" + }, + { + "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", + "refsource": "CONFIRM", + "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3388.json b/2017/3xxx/CVE-2017-3388.json index 42d5913068f..8df3221962c 100644 --- a/2017/3xxx/CVE-2017-3388.json +++ b/2017/3xxx/CVE-2017-3388.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3388", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3434.json b/2017/3xxx/CVE-2017-3434.json index fcdf7c42311..3d8ceba5b2b 100644 --- a/2017/3xxx/CVE-2017-3434.json +++ b/2017/3xxx/CVE-2017-3434.json @@ -1,76 +1,76 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "One-to-One Fulfillment", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "98054", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "98054", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98054" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3796.json b/2017/3xxx/CVE-2017-3796.json index cfd8585cc8a..c2911e14e28 100644 --- a/2017/3xxx/CVE-2017-3796.json +++ b/2017/3xxx/CVE-2017-3796.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco WebEx Meetings Server 2.6", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco WebEx Meetings Server 2.6" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco WebEx Meetings Server 2.6", + "version": { + "version_data": [ + { + "version_value": "Cisco WebEx Meetings Server 2.6" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2" - }, - { - "name" : "95641", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95641" - }, - { - "name" : "1037651", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037651" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037651", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037651" + }, + { + "name": "95641", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95641" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8226.json b/2017/8xxx/CVE-2017-8226.json index c6b1ef764f5..a20be3bdc21 100644 --- a/2017/8xxx/CVE-2017-8226.json +++ b/2017/8xxx/CVE-2017-8226.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8226", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8226", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8315.json b/2017/8xxx/CVE-2017-8315.json index bac54cfc369..f5f8a048b6a 100644 --- a/2017/8xxx/CVE-2017-8315.json +++ b/2017/8xxx/CVE-2017-8315.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@checkpoint.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-8315", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eclipse", - "version" : { - "version_data" : [ - { - "version_value" : "All version lower or equal to 2017.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "Check Point Software Technologies Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Local Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "cve@checkpoint.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-8315", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse", + "version": { + "version_data": [ + { + "version_value": "All version lower or equal to 2017.2.5" + } + ] + } + } + ] + }, + "vendor_name": "Check Point Software Technologies Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", - "refsource" : "MISC", - "url" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/" - }, - { - "name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169" + }, + { + "name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", + "refsource": "MISC", + "url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8320.json b/2017/8xxx/CVE-2017-8320.json index 12fd9f19003..cad2534c963 100644 --- a/2017/8xxx/CVE-2017-8320.json +++ b/2017/8xxx/CVE-2017-8320.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8320", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8320", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8433.json b/2017/8xxx/CVE-2017-8433.json index 3932239313f..9cd5d7b2413 100644 --- a/2017/8xxx/CVE-2017-8433.json +++ b/2017/8xxx/CVE-2017-8433.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8433", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8433", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8450.json b/2017/8xxx/CVE-2017-8450.json index 6c3b4e9e53b..21a8b85d7a8 100644 --- a/2017/8xxx/CVE-2017-8450.json +++ b/2017/8xxx/CVE-2017-8450.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@elastic.co", - "ID" : "CVE-2017-8450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Elastic X-Pack Security", - "version" : { - "version_data" : [ - { - "version_value" : "5.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-732: Incorrect Permission Assignment for Critical Resource" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2017-8450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Elastic X-Pack Security", + "version": { + "version_data": [ + { + "version_value": "5.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8638.json b/2017/8xxx/CVE-2017-8638.json index 4dc20b1dc09..41c1bf18a9a 100644 --- a/2017/8xxx/CVE-2017-8638.json +++ b/2017/8xxx/CVE-2017-8638.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Scripting Engine", - "version" : { - "version_data" : [ - { - "version_value" : "Windows 10 1703." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Scripting Engine", + "version": { + "version_data": [ + { + "version_value": "Windows 10 1703." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638" - }, - { - "name" : "100049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100049" - }, - { - "name" : "1039095", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039095" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638" + }, + { + "name": "100049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100049" + }, + { + "name": "1039095", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039095" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12243.json b/2018/12xxx/CVE-2018-12243.json index 78efcbedde1..81423f22dfb 100644 --- a/2018/12xxx/CVE-2018-12243.json +++ b/2018/12xxx/CVE-2018-12243.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@symantec.com", - "DATE_PUBLIC" : "2018-09-12T00:00:00", - "ID" : "CVE-2018-12243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Symantec Messaging Gateway", - "version" : { - "version_data" : [ - { - "version_value" : "Prior to 10.6.6" - } - ] - } - } - ] - }, - "vendor_name" : "Symantec Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XXE" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "DATE_PUBLIC": "2018-09-12T00:00:00", + "ID": "CVE-2018-12243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Symantec Messaging Gateway", + "version": { + "version_data": [ + { + "version_value": "Prior to 10.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Symantec Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.symantec.com/en_US/article.SYMSA1461.html", - "refsource" : "CONFIRM", - "url" : "https://support.symantec.com/en_US/article.SYMSA1461.html" - }, - { - "name" : "105330", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105330" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.symantec.com/en_US/article.SYMSA1461.html", + "refsource": "CONFIRM", + "url": "https://support.symantec.com/en_US/article.SYMSA1461.html" + }, + { + "name": "105330", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105330" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12285.json b/2018/12xxx/CVE-2018-12285.json index 68bc75dc8c5..2cfdaea9b5f 100644 --- a/2018/12xxx/CVE-2018-12285.json +++ b/2018/12xxx/CVE-2018-12285.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12285", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12285", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12796.json b/2018/12xxx/CVE-2018-12796.json index 4bb772406c5..bf61cd357bc 100644 --- a/2018/12xxx/CVE-2018-12796.json +++ b/2018/12xxx/CVE-2018-12796.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" - }, - { - "name" : "104701", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104701" - }, - { - "name" : "1041250", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041250" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" + }, + { + "name": "1041250", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041250" + }, + { + "name": "104701", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104701" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13008.json b/2018/13xxx/CVE-2018-13008.json index 434384c0695..a4339b2cb39 100644 --- a/2018/13xxx/CVE-2018-13008.json +++ b/2018/13xxx/CVE-2018-13008.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13008", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/gopro/gpmf-parser/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/gopro/gpmf-parser/issues/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/gopro/gpmf-parser/issues/29", + "refsource": "MISC", + "url": "https://github.com/gopro/gpmf-parser/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16158.json b/2018/16xxx/CVE-2018-16158.json index 8532462dd58..52d63749e76 100644 --- a/2018/16xxx/CVE-2018-16158.json +++ b/2018/16xxx/CVE-2018-16158.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf", - "refsource" : "MISC", - "url" : "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf" - }, - { - "name" : "https://www.ctrlu.net/vuln/0006.html", - "refsource" : "MISC", - "url" : "https://www.ctrlu.net/vuln/0006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins (to uid 0) via the PubkeyAuthentication option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.ctrlu.net/vuln/0006.html", + "refsource": "MISC", + "url": "https://www.ctrlu.net/vuln/0006.html" + }, + { + "name": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf", + "refsource": "MISC", + "url": "http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16306.json b/2018/16xxx/CVE-2018-16306.json index e2cfacbb3ae..7e2d626401b 100644 --- a/2018/16xxx/CVE-2018-16306.json +++ b/2018/16xxx/CVE-2018-16306.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16306", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16306", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16726.json b/2018/16xxx/CVE-2018-16726.json index 8fbcd521e24..fad0536e835 100644 --- a/2018/16xxx/CVE-2018-16726.json +++ b/2018/16xxx/CVE-2018-16726.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/smiffy6969/razorCMS/issues/52", - "refsource" : "MISC", - "url" : "https://github.com/smiffy6969/razorCMS/issues/52" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/smiffy6969/razorCMS/issues/52", + "refsource": "MISC", + "url": "https://github.com/smiffy6969/razorCMS/issues/52" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16736.json b/2018/16xxx/CVE-2018-16736.json index cce3e881bf6..f25e7c477ee 100644 --- a/2018/16xxx/CVE-2018-16736.json +++ b/2018/16xxx/CVE-2018-16736.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45437", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45437/" - }, - { - "name" : "https://github.com/eagle00789/RC_Filters/issues/19", - "refsource" : "MISC", - "url" : "https://github.com/eagle00789/RC_Filters/issues/19" - }, - { - "name" : "https://github.com/roundcube/roundcubemail/issues/6437", - "refsource" : "MISC", - "url" : "https://github.com/roundcube/roundcubemail/issues/6437" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/roundcube/roundcubemail/issues/6437", + "refsource": "MISC", + "url": "https://github.com/roundcube/roundcubemail/issues/6437" + }, + { + "name": "https://github.com/eagle00789/RC_Filters/issues/19", + "refsource": "MISC", + "url": "https://github.com/eagle00789/RC_Filters/issues/19" + }, + { + "name": "45437", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45437/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16952.json b/2018/16xxx/CVE-2018-16952.json index 44587e0487a..1a15f4d5e04 100644 --- a/2018/16xxx/CVE-2018-16952.json +++ b/2018/16xxx/CVE-2018-16952.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16952", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://seclists.org/fulldisclosure/2018/Sep/22", - "refsource" : "MISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/22" - }, - { - "name" : "105350", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. The impact is sensitive actions in the portal (such as changing a portal user's password). NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://seclists.org/fulldisclosure/2018/Sep/22", + "refsource": "MISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/22" + }, + { + "name": "105350", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105350" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17211.json b/2018/17xxx/CVE-2018-17211.json index c901c3bbb7e..f7dbe52b4d1 100644 --- a/2018/17xxx/CVE-2018-17211.json +++ b/2018/17xxx/CVE-2018-17211.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17211", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17211", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17798.json b/2018/17xxx/CVE-2018-17798.json index 3502c643824..fa43656f0ed 100644 --- a/2018/17xxx/CVE-2018-17798.json +++ b/2018/17xxx/CVE-2018-17798.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/seedis/zzcms/blob/master/arbitrary_file_deletion2.md", - "refsource" : "MISC", - "url" : "https://github.com/seedis/zzcms/blob/master/arbitrary_file_deletion2.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/seedis/zzcms/blob/master/arbitrary_file_deletion2.md", + "refsource": "MISC", + "url": "https://github.com/seedis/zzcms/blob/master/arbitrary_file_deletion2.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17804.json b/2018/17xxx/CVE-2018-17804.json index 1fb2f16d3fa..994126563a6 100644 --- a/2018/17xxx/CVE-2018-17804.json +++ b/2018/17xxx/CVE-2018-17804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17804", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17804", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5414.json b/2019/5xxx/CVE-2019-5414.json index e26fff68762..1557bc0dd9b 100644 --- a/2019/5xxx/CVE-2019-5414.json +++ b/2019/5xxx/CVE-2019-5414.json @@ -1,17 +1,59 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5414", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5414", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "kill-port", + "version": { + "version_data": [ + { + "version_value": "< 1.3.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/389561", + "url": "https://hackerone.com/reports/389561" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2." } ] }