diff --git a/2003/0xxx/CVE-2003-0469.json b/2003/0xxx/CVE-2003-0469.json
index 615a78d6585..81ded4cf942 100644
--- a/2003/0xxx/CVE-2003-0469.json
+++ b/2003/0xxx/CVE-2003-0469.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long \"align\" argument in an HR tag." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030622 Internet Explorer >=5.0 : Buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105639925122961&w=2" - }, - { - "name" : "20030625 Re: Internet Explorer >=5.0 : Buffer overflow", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html" - }, - { - "name" : "20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html" - }, - { - "name" : "MS03-023", - "refsource" : "MS", - "url" : 
"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023" - }, - { - "name" : "CA-2003-14", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-14.html" - }, - { - "name" : "VU#823260", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/823260" - }, - { - "name" : "8016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8016" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long \"align\" argument in an HR tag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030622 Internet Explorer >=5.0 : Buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105639925122961&w=2" + }, + { + "name": "CA-2003-14", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-14.html" + }, + { + "name": "20030625 Re: Internet Explorer >=5.0 : Buffer overflow", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html" + }, + { + "name": "8016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8016" + }, + { + "name": "VU#823260", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/823260" + }, + { + "name": "MS03-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023" + }, + { + "name": "20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).", + "refsource": 
"FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1152.json b/2003/1xxx/CVE-2003-1152.json index 40e5634d828..72509ac59b0 100644 --- a/2003/1xxx/CVE-2003-1152.json +++ b/2003/1xxx/CVE-2003-1152.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1152", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded \"?\")." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1152", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012811.html" - }, - { - "name" : "8909", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8909" - }, - { - "name" : "2719", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2719" - }, - { - "name" : "1008016", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008016" - }, - { - "name" : "10078", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10078" - }, - { - "name" : "webtide-file-disclosure(13533)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13533" - } - ] - } -} + } + }, 
+ "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded \"?\")." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8909", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8909" + }, + { + "name": "20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012811.html" + }, + { + "name": "10078", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10078" + }, + { + "name": "1008016", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008016" + }, + { + "name": "2719", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2719" + }, + { + "name": "webtide-file-disclosure(13533)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13533" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1275.json b/2003/1xxx/CVE-2003-1275.json index ddf9f56ca62..4b0df067c05 100644 --- a/2003/1xxx/CVE-2003-1275.json +++ b/2003/1xxx/CVE-2003-1275.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html" - }, - { - "name" : "6507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6507" - }, - { - "name" : "pie-javascript-objectinnerhtml-dos(11004)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11004.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses 
the object.innerHTML function to recursively call that function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html" + }, + { + "name": "6507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6507" + }, + { + "name": "pie-javascript-objectinnerhtml-dos(11004)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11004.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1533.json b/2003/1xxx/CVE-2003-1533.json index 78afd7dcb29..b0edea28343 100644 --- a/2003/1xxx/CVE-2003-1533.json +++ b/2003/1xxx/CVE-2003-1533.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030113 phpPass (PHP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/307224/30/26300/threaded" - }, - { - "name" : "6594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6594" - }, - { - "name" : "1005948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005948" - }, - { - "name" : "3349", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3349" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and 
(2) pwd parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3349", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3349" + }, + { + "name": "20030113 phpPass (PHP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/307224/30/26300/threaded" + }, + { + "name": "1005948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005948" + }, + { + "name": "6594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6594" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1602.json b/2003/1xxx/CVE-2003-1602.json index 16808da7288..762d0914bfc 100644 --- a/2003/1xxx/CVE-2003-1602.json +++ b/2003/1xxx/CVE-2003-1602.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1602", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1602", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2004/0xxx/CVE-2004-0074.json b/2004/0xxx/CVE-2004-0074.json
index 92701b8dcd1..e75e80e6146 100644
--- a/2004/0xxx/CVE-2004-0074.json
+++ b/2004/0xxx/CVE-2004-0074.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0074", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0074", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040102 xsok local games exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107307407027259&w=2" - }, - { - "name" : "20040103 xsok local games exploit (2)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107332542918529&w=2" - }, - { - "name" : "9352", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9352" - }, - { - "name" : "9341", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9341" - }, - { - "name" : "xsok-lang-bo(14910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14910" - }, - { - "name" : "xsok-long-xsokdir-bo(14906)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/14906" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040103 xsok local games exploit (2)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107332542918529&w=2" + }, + { + "name": "9352", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9352" + }, + { + "name": "xsok-lang-bo(14910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14910" + }, + { + "name": "20040102 xsok local games exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107307407027259&w=2" + }, + { + "name": "xsok-long-xsokdir-bo(14906)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14906" + }, + { + "name": "9341", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9341" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0172.json b/2004/0xxx/CVE-2004-0172.json index d4b296437ee..fad7e7e4427 100644 --- a/2004/0xxx/CVE-2004-0172.json +++ b/2004/0xxx/CVE-2004-0172.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0172", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0172", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031008 ltrace bug", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011600.html" - }, - { - "name" : "20031008 ltrace bug", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011610.html" - }, - { - "name" : "8790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8790" - }, - { - "name" : "1007896", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1007896" - }, - { - "name" : "ltrace-searchforcommand-bo(13389)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/13389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031008 ltrace bug", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011610.html" + }, + { + "name": "1007896", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1007896" + }, + { + "name": "8790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8790" + }, + { + "name": "ltrace-searchforcommand-bo(13389)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13389" + }, + { + "name": "20031008 ltrace bug", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011600.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0245.json b/2004/0xxx/CVE-2004-0245.json index 7d50a954466..d8ed198a6eb 100644 --- a/2004/0xxx/CVE-2004-0245.json +++ b/2004/0xxx/CVE-2004-0245.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040203 Web Crossing 4.x/5.x Denial of Service Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107586518120516&w=2" - }, - { - "name" : "9576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9576" - }, - { - "name" : "webcrossing-contentlength-post-dos(15022)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15022" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative 
Content-Length, which causes an integer divide-by-zero." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webcrossing-contentlength-post-dos(15022)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15022" + }, + { + "name": "20040203 Web Crossing 4.x/5.x Denial of Service Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107586518120516&w=2" + }, + { + "name": "9576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9576" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0726.json b/2004/0xxx/CVE-2004-0726.json index 8491c89e3ef..fad2c08c588 100644 --- a/2004/0xxx/CVE-2004-0726.json +++ b/2004/0xxx/CVE-2004-0726.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0726", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0726", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040711 Media Preview Script Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108965512912175&w=2" - }, - { - "name" : "10693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10693" - }, - { - "name" : "win2k-media-code-execution(16704)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in 
the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "win2k-media-code-execution(16704)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16704" + }, + { + "name": "10693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10693" + }, + { + "name": "20040711 Media Preview Script Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108965512912175&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1529.json b/2004/1xxx/CVE-2004-1529.json index 6699d27c82a..aa066df9dab 100644 --- a/2004/1xxx/CVE-2004-1529.json +++ b/2004/1xxx/CVE-2004-1529.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110064626111756&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=38", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=38" - }, - { - "name" : "11693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11693" - }, - { - "name" : "13213", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13213" - }, - { - "name" : "event-calendar-comment-xss(18107)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/18107" - }, - { - "name" : "event-calendar-xss(18106)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11693" + }, + { + "name": "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110064626111756&w=2" + }, + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=38", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=38" + }, + { + "name": "13213", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13213" + }, + { + "name": "event-calendar-xss(18106)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18106" + }, + { + "name": "event-calendar-comment-xss(18107)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18107" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1780.json b/2004/1xxx/CVE-2004-1780.json index 8bb89df992c..56187693acc 100644 --- a/2004/1xxx/CVE-2004-1780.json +++ b/2004/1xxx/CVE-2004-1780.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9347", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9347" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9347", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9347" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2003.json b/2004/2xxx/CVE-2004-2003.json
index ed0510d97f4..695ac3cb661 100644
--- a/2004/2xxx/CVE-2004-2003.json
+++ b/2004/2xxx/CVE-2004-2003.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2003", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040506 [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108386181021070&w=2" - }, - { - "name" : "10295", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10295" - }, - { - "name" : "5945", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5945" - }, - { - "name" : "11569", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11569" - }, - { - "name" : "delegate-sslway-bo(16078)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16078" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11569", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11569" + }, + { + "name": "20040506 [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108386181021070&w=2" + }, + { + "name": "5945", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5945" + }, + { + "name": "10295", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10295" + }, + { + "name": "delegate-sslway-bo(16078)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16078" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2041.json b/2004/2xxx/CVE-2004-2041.json index 30f9195be00..694253ec568 100644 --- a/2004/2xxx/CVE-2004-2041.json +++ b/2004/2xxx/CVE-2004-2041.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2041", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2041", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108588043007224&w=2" - }, - { - "name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=108586723116427&w=2" - }, - { - "name" : "http://www.waraxe.us/index.php?modname=sa&id=31", - "refsource" : "MISC", - "url" : "http://www.waraxe.us/index.php?modname=sa&id=31" - }, - { - "name" : "10436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10436" - }, - { - "name" : "6530", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/6530" - }, - { - "name" : "11740", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11740" - }, - { - "name" : "e107-secure-img-render-file-include(16282)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.waraxe.us/index.php?modname=sa&id=31", + "refsource": "MISC", + "url": "http://www.waraxe.us/index.php?modname=sa&id=31" + }, + { + "name": "10436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10436" + }, + { + "name": "11740", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11740" + }, + { + "name": "6530", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6530" + }, + { + "name": "e107-secure-img-render-file-include(16282)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16282" + }, + { + "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2" + }, + { + "name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2704.json b/2004/2xxx/CVE-2004-2704.json
index f7a22694e2c..3e275ecbab1 100644
--- a/2004/2xxx/CVE-2004-2704.json
+++ b/2004/2xxx/CVE-2004-2704.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2704", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the \"attachment\" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2704", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 Hastymail security update", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0322.html" - }, - { - "name" : "http://hastymail.sourceforge.net/security.php", - "refsource" : "CONFIRM", - "url" : "http://hastymail.sourceforge.net/security.php" - }, - { - "name" : "11022", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11022" - }, - { - "name" : "9131", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9131" - }, - { - "name" : "1011054", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1011054" - }, - { - "name" : "12358", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12358" - }, - { - "name" : "hastymail-html-script-execution(17091)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the \"attachment\" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12358", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12358" + }, + { + "name": "11022", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11022" + }, + { + "name": "9131", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9131" + }, + { + "name": "20040824 Hastymail security update", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0322.html" + }, + { + "name": "http://hastymail.sourceforge.net/security.php", + "refsource": "CONFIRM", + "url": "http://hastymail.sourceforge.net/security.php" + }, + { + "name": "hastymail-html-script-execution(17091)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17091" + }, + { + "name": "1011054", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011054" + } + ] + } +} \ No newline at end of file 
diff --git a/2004/2xxx/CVE-2004-2761.json b/2004/2xxx/CVE-2004-2761.json
index 764705b67cc..2d489ab00d9 100644
--- a/2004/2xxx/CVE-2004-2761.json
+++ b/2004/2xxx/CVE-2004-2761.json
@@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/499685/100/0/threaded" - }, - { - "name" : "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/", - "refsource" : "MISC", - "url" : "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/" - }, - { - "name" : "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx", - "refsource" : "MISC", - "url" : "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx" - }, - { - 
"name" : "http://www.doxpara.com/research/md5/md5_someday.pdf", - "refsource" : "MISC", - "url" : "http://www.doxpara.com/research/md5/md5_someday.pdf" - }, - { - "name" : "http://www.microsoft.com/technet/security/advisory/961509.mspx", - "refsource" : "MISC", - "url" : "http://www.microsoft.com/technet/security/advisory/961509.mspx" - }, - { - "name" : "http://www.phreedom.org/research/rogue-ca/", - "refsource" : "MISC", - "url" : "http://www.phreedom.org/research/rogue-ca/" - }, - { - "name" : "http://www.win.tue.nl/hashclash/SoftIntCodeSign/", - "refsource" : "MISC", - "url" : "http://www.win.tue.nl/hashclash/SoftIntCodeSign/" - }, - { - "name" : "http://www.win.tue.nl/hashclash/rogue-ca/", - "refsource" : "MISC", - "url" : "http://www.win.tue.nl/hashclash/rogue-ca/" - }, - { - "name" : "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php", - "refsource" : "MISC", - "url" : "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php" - }, - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=648886", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=648886" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us", - "refsource" : "CONFIRM", - "url" : 
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us" - }, - { - "name" : "20090115 MD5 Hashes May Allow for Certificate Spoofing", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html" - }, - { - "name" : "FEDORA-2009-1276", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html" - }, - { - "name" : "RHSA-2010:0837", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0837.html" - }, - { - "name" : "RHSA-2010:0838", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2010-0838.html" - }, - { - "name" : "USN-740-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-740-1" - }, - { - "name" : "VU#836068", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/836068" - }, - { - "name" : "33065", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33065" - }, - { - "name" : "1024697", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1024697" - }, - { - "name" : "33826", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33826" - }, - { - "name" : "34281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34281" - }, - { - "name" : "42181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42181" - }, - { - "name" : "4866", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33065", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33065" + }, + { + "name": "RHSA-2010:0837", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0837.html" + }, + { + "name": "http://www.phreedom.org/research/rogue-ca/", + "refsource": "MISC", + "url": "http://www.phreedom.org/research/rogue-ca/" + }, + { + "name": "VU#836068", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/836068" + }, + { + "name": "4866", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4866" + }, + { + "name": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/", + "refsource": "MISC", + "url": "http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/" + }, + { + "name": "20090115 MD5 Hashes May Allow for Certificate Spoofing", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html" + }, + { + "name": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/", + "refsource": "MISC", + "url": "http://www.win.tue.nl/hashclash/SoftIntCodeSign/" + }, + { + "name": "33826", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33826" + }, + { + "name": "34281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34281" + }, + { + "name": "http://www.microsoft.com/technet/security/advisory/961509.mspx", + "refsource": "MISC", + "url": "http://www.microsoft.com/technet/security/advisory/961509.mspx" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03814en_us" + }, + { + "name": 
"http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx", + "refsource": "MISC", + "url": "http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx" + }, + { + "name": "http://www.doxpara.com/research/md5/md5_someday.pdf", + "refsource": "MISC", + "url": "http://www.doxpara.com/research/md5/md5_someday.pdf" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02" + }, + { + "name": "RHSA-2010:0838", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2010-0838.html" + }, + { + "name": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php", + "refsource": "MISC", + "url": "https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php" + }, + { + "name": "USN-740-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-740-1" + }, + { + "name": "1024697", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1024697" + }, + { + "name": "FEDORA-2009-1276", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888" + }, + { + "name": "20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/499685/100/0/threaded" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935" + }, + { + "name": "42181", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/42181" + }, + { + "name": "http://www.win.tue.nl/hashclash/rogue-ca/", + "refsource": "MISC", + "url": "http://www.win.tue.nl/hashclash/rogue-ca/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=648886", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648886" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2080.json b/2008/2xxx/CVE-2008-2080.json index 3110962cfdd..724d4082c76 100644 --- a/2008/2xxx/CVE-2008-2080.json +++ b/2008/2xxx/CVE-2008-2080.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2080", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2080", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.coresecurity.com/?action=item&id=2260", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/?action=item&id=2260" - }, - { - "name" : "http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html", - "refsource" : "CONFIRM", - "url" : "http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html" - }, - { - "name" : "GLSA-200805-14", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200805-14.xml" - }, - { - "name" : "29045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29045" - }, - { - "name" : "ADV-2008-1440", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/1440/references" - }, - { - "name" : "1019965", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1019965" - }, - { - "name" : "30053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30053" - }, - { - "name" : "30169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30169" - }, - { - "name" : "cdf-read32s64-bo(42219)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html", + "refsource": "CONFIRM", + "url": "http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html" + }, + { + "name": "http://www.coresecurity.com/?action=item&id=2260", + "refsource": "MISC", + "url": "http://www.coresecurity.com/?action=item&id=2260" + }, + { + "name": "cdf-read32s64-bo(42219)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42219" + }, + { + "name": "ADV-2008-1440", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1440/references" + }, + { + "name": "1019965", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1019965" + }, + { + "name": "GLSA-200805-14", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200805-14.xml" + }, + { + "name": "29045", + 
"refsource": "BID", + "url": "http://www.securityfocus.com/bid/29045" + }, + { + "name": "30053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30053" + }, + { + "name": "30169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30169" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2144.json b/2008/2xxx/CVE-2008-2144.json index ed4654dbae9..b864bac1cbf 100644 --- a/2008/2xxx/CVE-2008-2144.json +++ b/2008/2xxx/CVE-2008-2144.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-216.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-216.htm" - }, - { - "name" : "236884", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236884-1" - }, - { - "name" : "29135", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29135" - }, - { - "name" : "oval:org.mitre.oval:def:5269", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5269" - }, - { - "name" : "30473", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30473" - }, - { - "name" : "ADV-2008-1473", - "refsource" 
: "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1473/references" - }, - { - "name" : "1020003", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020003" - }, - { - "name" : "30184", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30184" - }, - { - "name" : "ADV-2008-1709", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1709/references" - }, - { - "name" : "solaris-print-code-execution(42322)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1473", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1473/references" + }, + { + "name": "solaris-print-code-execution(42322)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42322" + }, + { + "name": "236884", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-236884-1" + }, + { + "name": "30473", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30473" + }, + { + "name": "1020003", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020003" + }, + { + "name": "oval:org.mitre.oval:def:5269", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5269" + }, + { + "name": "30184", + "refsource": "SECUNIA", + "url": 
"http://secunia.com/advisories/30184" + }, + { + "name": "29135", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29135" + }, + { + "name": "ADV-2008-1709", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1709/references" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-216.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-216.htm" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2285.json b/2008/2xxx/CVE-2008-2285.json index 4c602e20635..1f758f0df53 100644 --- a/2008/2xxx/CVE-2008-2285.json +++ b/2008/2xxx/CVE-2008-2285.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2285",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-2285",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "USN-612-5",
- "refsource" : "UBUNTU",
- "url" : "http://www.ubuntu.com/usn/usn-612-5"
- },
- {
- "name" : "sshvulnkey-authorizedkeys-weak-security(42568)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42568"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "USN-612-5",
+ "refsource": "UBUNTU",
+ "url": "http://www.ubuntu.com/usn/usn-612-5"
+ },
+ {
+ "name": "sshvulnkey-authorizedkeys-weak-security(42568)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42568"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2523.json b/2008/2xxx/CVE-2008-2523.json
index bf6f86b3fe1..6f3ced6e92d 100644
--- a/2008/2xxx/CVE-2008-2523.json
+++ b/2008/2xxx/CVE-2008-2523.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2523",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-2523",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0",
- "refsource" : "CONFIRM",
- "url" : "http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0"
- },
- {
- "name" : "29178",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/29178"
- },
- {
- "name" : "30200",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30200"
- },
- {
- "name" : "raknet-autopatcher-sql-injection(42352)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42352"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "30200",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30200"
+ },
+ {
+ "name": "http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0",
+ "refsource": "CONFIRM",
+ "url": "http://www.jenkinssoftware.com/raknet/forum/index.php?topic=1787.0"
+ },
+ {
+ "name": "29178",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/29178"
+ },
+ {
+ "name": "raknet-autopatcher-sql-injection(42352)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42352"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/2xxx/CVE-2008-2565.json b/2008/2xxx/CVE-2008-2565.json
index 7645150e768..fe9ed325da3 100644
--- a/2008/2xxx/CVE-2008-2565.json
+++ b/2008/2xxx/CVE-2008-2565.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-2565",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-2565",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
- },
- {
- "name" : "5739",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/5739"
- },
- {
- "name" : "9023",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/9023"
- },
- {
- "name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
- "refsource" : "MISC",
- "url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
- },
- {
- "name" : "35511",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/35511"
- },
- {
- "name" : "30540",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/30540"
- },
- {
- "name" : "35590",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35590"
- },
- {
- "name" : "phpaddressbook-view-edit-sql-injection(42855)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
- },
- {
- "name" : "phpaddressbook-viewphp-sql-injection(99622)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "35511",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/35511"
+ },
+ {
+ "name": "35590",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35590"
+ },
+ {
+ "name": "30540",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/30540"
+ },
+ {
+ "name": "5739",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/5739"
+ },
+ {
+ "name": "phpaddressbook-view-edit-sql-injection(42855)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42855"
+ },
+ {
+ "name": "phpaddressbook-viewphp-sql-injection(99622)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99622"
+ },
+ {
+ "name": "9023",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/9023"
+ },
+ {
+ "name": "20090626 MULTIPLE SQL INJECTION VULNERABILITIES --PHP-AddressBook v-4.0.x-->",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/504595/100/0/threaded"
+ },
+ {
+ "name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
+ "refsource": "MISC",
+ "url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6365.json b/2008/6xxx/CVE-2008-6365.json
index 6015c090f8e..b1194a93762 100644
--- a/2008/6xxx/CVE-2008-6365.json
+++ b/2008/6xxx/CVE-2008-6365.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6365",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6365",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "7424",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/7424"
- },
- {
- "name" : "32790",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/32790"
- },
- {
- "name" : "33072",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/33072"
- },
- {
- "name" : "admanagement-logon-sql-injection(47282)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47282"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "admanagement-logon-sql-injection(47282)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47282"
+ },
+ {
+ "name": "33072",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/33072"
+ },
+ {
+ "name": "7424",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/7424"
+ },
+ {
+ "name": "32790",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/32790"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6413.json b/2008/6xxx/CVE-2008-6413.json
index 21271f84875..09e1f50c80f 100644
--- a/2008/6xxx/CVE-2008-6413.json
+++ b/2008/6xxx/CVE-2008-6413.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6413",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6413",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20080912 Drupal Answers Module Contains XSS Vulnerability",
- "refsource" : "FULLDISC",
- "url" : "http://seclists.org/fulldisclosure/2008/Sep/0202.html"
- },
- {
- "name" : "http://drupal.org/node/310223",
- "refsource" : "CONFIRM",
- "url" : "http://drupal.org/node/310223"
- },
- {
- "name" : "31146",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31146"
- },
- {
- "name" : "ADV-2008-2620",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2008/2620"
- },
- {
- "name" : "answers-answer-xss(45112)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45112"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a question."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "31146",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31146"
+ },
+ {
+ "name": "http://drupal.org/node/310223",
+ "refsource": "CONFIRM",
+ "url": "http://drupal.org/node/310223"
+ },
+ {
+ "name": "answers-answer-xss(45112)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45112"
+ },
+ {
+ "name": "ADV-2008-2620",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2008/2620"
+ },
+ {
+ "name": "20080912 Drupal Answers Module Contains XSS Vulnerability",
+ "refsource": "FULLDISC",
+ "url": "http://seclists.org/fulldisclosure/2008/Sep/0202.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2008/6xxx/CVE-2008-6832.json b/2008/6xxx/CVE-2008-6832.json
index 619c176138c..0aa09fced41 100644
--- a/2008/6xxx/CVE-2008-6832.json
+++ b/2008/6xxx/CVE-2008-6832.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2008-6832",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2008-6832",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "31967",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/31967"
- },
- {
- "name" : "49417",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/49417"
- },
- {
- "name" : "32113",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/32113"
- },
- {
- "name" : "jira-unspecified-csrf(46169)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46169"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA Enterprise Edition 3.13 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "jira-unspecified-csrf(46169)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46169"
+ },
+ {
+ "name": "31967",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/31967"
+ },
+ {
+ "name": "49417",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/49417"
+ },
+ {
+ "name": "32113",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/32113"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1585.json b/2012/1xxx/CVE-2012-1585.json
index 38715ec48de..75ef7dd0a91 100644
--- a/2012/1xxx/CVE-2012-1585.json
+++ b/2012/1xxx/CVE-2012-1585.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1585",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2012-1585",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[Openstack] 20120329 [OSSA 2012-003] Long server names grow nova-api log files significantly (CVE-2012-1585)",
- "refsource" : "MLIST",
- "url" : "http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html"
- },
- {
- "name" : "https://bugs.launchpad.net/nova/+bug/962515",
- "refsource" : "MISC",
- "url" : "https://bugs.launchpad.net/nova/+bug/962515"
- },
- {
- "name" : "FEDORA-2012-5026",
- "refsource" : "FEDORA",
- "url" : "http://lwn.net/Alerts/491298/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "[Openstack] 20120329 [OSSA 2012-003] Long server names grow nova-api log files significantly (CVE-2012-1585)",
+ "refsource": "MLIST",
+ "url": "http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html"
+ },
+ {
+ "name": "https://bugs.launchpad.net/nova/+bug/962515",
+ "refsource": "MISC",
+ "url": "https://bugs.launchpad.net/nova/+bug/962515"
+ },
+ {
+ "name": "FEDORA-2012-5026",
+ "refsource": "FEDORA",
+ "url": "http://lwn.net/Alerts/491298/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1942.json b/2012/1xxx/CVE-2012-1942.json
index 0cf4a2c6291..ddc07c93a17 100644
--- a/2012/1xxx/CVE-2012-1942.json
+++ b/2012/1xxx/CVE-2012-1942.json
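Review bot: The `ASSIGNER` value in CVE-2012-1585.json changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only normalizes `" : "` to `": "` and indentation, so a substantive attribution change is easy to miss; the CVE-2012-5949.json hunk does the same with `psirt@us.ibm.com`. Anything that filters or trusts records by `CVE_data_meta.ASSIGNER` will see these two records move to a different CNA, so these edits would be easier to audit in a commit of their own, or at least called out in the commit message if they are not already. The new side of every hunk on this page also ends with `+}` followed by `\ No newline at end of file`, where the old files ended with a newline; keeping the trailing newline avoids a spurious last-line change the next time a record is edited.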
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1942",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1942",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html"
- },
- {
- "name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=748764",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=748764"
- },
- {
- "name" : "SUSE-SU-2012:0746",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
- },
- {
- "name" : "oval:org.mitre.oval:def:16951",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16951"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-45.html"
+ },
+ {
+ "name": "SUSE-SU-2012:0746",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:16951",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16951"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=748764",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=748764"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/5xxx/CVE-2012-5949.json b/2012/5xxx/CVE-2012-5949.json
index 2cb8106d1a4..2181e4a17f4 100644
--- a/2012/5xxx/CVE-2012-5949.json
+++ b/2012/5xxx/CVE-2012-5949.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-5949",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@us.ibm.com",
+ "ID": "CVE-2012-5949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628851",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628851"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628852",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628852"
- },
- {
- "name" : "tririga-content-spoofing(80629)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80629"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vectors involving (1) the html/en/default/ directory, (2) birt/frameset, (3) WebProcess.srv, (4) sqa/html/en/default/reportTemplate/reportTemplateOrderCols.jsp, or (5) a/html/en/default/om2/omObjectFinder.jsp."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21628851",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21628851"
+ },
+ {
+ "name": "tririga-content-spoofing(80629)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80629"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21628852",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21628852"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/11xxx/CVE-2017-11126.json b/2017/11xxx/CVE-2017-11126.json
index ae02176a74b..73de9995207 100644
--- a/2017/11xxx/CVE-2017-11126.json
+++ b/2017/11xxx/CVE-2017-11126.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type != 2\" case, a similar issue to CVE-2017-9870." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/07/10/4", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2017/07/10/4" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The III_i_stereo function in libmpg123/layer3.c in mpg123 through 
1.25.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the \"block_type != 2\" case, a similar issue to CVE-2017-9870." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/07/03/mpg123-global-buffer-overflow-in-iii_i_stereo-layer3-c/" + }, + { + "name": "http://openwall.com/lists/oss-security/2017/07/10/4", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2017/07/10/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11380.json b/2017/11xxx/CVE-2017-11380.json index 56c1b18f5e6..e6091271785 100644 --- a/2017/11xxx/CVE-2017-11380.json +++ b/2017/11xxx/CVE-2017-11380.json 
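Review bot: The new side ends with `\ No newline at end of file`, while the old side closed with `}` followed by a newline. Text tools and later diffs handle the file more predictably when the final `}` is newline-terminated, so the serializer should emit a trailing newline. The same marker closes every other hunk visible in this commit, which suggests a generator setting rather than a per-file slip.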
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "DATE_PUBLIC" : "2017-07-12T00:00:00", - "ID" : "CVE-2017-11380", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Deep Discovery Director", - "version" : { - "version_data" : [ - { - "version_value" : "1.1" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insecure Permissions" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "DATE_PUBLIC": "2017-07-12T00:00:00", + "ID": "CVE-2017-11380", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Deep Discovery Director", + "version": { + "version_data": [ + { + "version_value": "1.1" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities" - }, - { - "name" : "https://success.trendmicro.com/solution/1117663", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1117663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Backup archives were found to be encrypted with a static password across different installations, which suggest the same password may be used in all virtual appliance instances of Trend Micro Deep Discovery Director 1.1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities" + }, + { + "name": "https://success.trendmicro.com/solution/1117663", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1117663" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11454.json b/2017/11xxx/CVE-2017-11454.json index e54681fa4a5..f938f24297f 100644 --- a/2017/11xxx/CVE-2017-11454.json +++ b/2017/11xxx/CVE-2017-11454.json 
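Review bot: `problemtype` still reads `"value": "Insecure Permissions"`, which does not match the description: the issue described is a static password protecting backup archives across installations, not a permissions setting. Consumers that triage or filter by weakness class will file this record under the wrong category. A value such as `"value": "CWE-798: Use of Hard-coded Credentials"` looks closer, though the final classification belongs to the assigner. The value is carried over unchanged from the old side.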
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11454", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11454", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11948.json b/2017/11xxx/CVE-2017-11948.json index 4d9d4cbc643..62f47819e1a 100644 --- a/2017/11xxx/CVE-2017-11948.json +++ b/2017/11xxx/CVE-2017-11948.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11948", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11948", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11996.json b/2017/11xxx/CVE-2017-11996.json index 1cf1729e7d1..13ce2fd80b2 100644 --- a/2017/11xxx/CVE-2017-11996.json +++ b/2017/11xxx/CVE-2017-11996.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11996", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11996", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15185.json b/2017/15xxx/CVE-2017-15185.json index d45a79fe6de..1eca02e5730 100644 --- a/2017/15xxx/CVE-2017-15185.json +++ b/2017/15xxx/CVE-2017-15185.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42399", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42399/" - }, - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/82", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/82" - }, - { - "name" : "https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932", - "refsource" : "MISC", - "url" : "https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932" - }, - { - "name" : "https://lists.debian.org/debian-lts/2017/09/msg00115.html", - "refsource" : "MISC", - "url" : 
"https://lists.debian.org/debian-lts/2017/09/msg00115.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/82", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/82" + }, + { + "name": "42399", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42399/" + }, + { + "name": "https://lists.debian.org/debian-lts/2017/09/msg00115.html", + "refsource": "MISC", + "url": "https://lists.debian.org/debian-lts/2017/09/msg00115.html" + }, + { + "name": "https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932", + "refsource": "MISC", + "url": "https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3136.json b/2017/3xxx/CVE-2017-3136.json index 645750bde12..ccfd7a9a15a 100644 --- a/2017/3xxx/CVE-2017-3136.json +++ b/2017/3xxx/CVE-2017-3136.json 
@@ -1,141 +1,141 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-officer@isc.org", - "DATE_PUBLIC" : "2017-03-12T00:00:00.000Z", - "ID" : "CVE-2017-3136", - "STATE" : "PUBLIC", - "TITLE" : "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\"" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIND 9", - "version" : { - "version_data" : [ - { - "version_value" : "9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8" - } - ] - } - } - ] - }, - "vendor_name" : "ISC" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8." 
- } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use." - } + "CVE_data_meta": { + "ASSIGNER": "security-officer@isc.org", + "DATE_PUBLIC": "2017-03-12T00:00:00.000Z", + "ID": "CVE-2017-3136", + "STATE": "PUBLIC", + "TITLE": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\"" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIND 9", + "version": { + "version_data": [ + { + "version_value": "9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8" + } + ] + } + } + ] + }, + "vendor_name": "ISC" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/docs/aa-01465", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/docs/aa-01465" - }, - { - "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180802-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180802-0002/" - }, - { - "name" : "DSA-3854", - "refsource" : 
"DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3854" - }, - { - "name" : "GLSA-201708-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201708-01" - }, - { - "name" : "RHSA-2017:1095", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1095" - }, - { - "name" : "RHSA-2017:1105", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1105" - }, - { - "name" : "97653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97653" - }, - { - "name" : "1038259", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038259" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" - } - ], - "source" : { - "discovery" : "UNKNOWN" - }, - "work_around" : [ - { - "lang" : "eng", - "value" : "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect." - } - ] -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability." 
+ } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use." 
+ } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1095", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1095" + }, + { + "name": "GLSA-201708-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201708-01" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180802-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" + }, + { + "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" + }, + { + "name": "DSA-3854", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3854" + }, + { + "name": "1038259", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038259" + }, + { + "name": "97653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97653" + }, + { + "name": "RHSA-2017:1105", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1105" + }, + { + "name": "https://kb.isc.org/docs/aa-01465", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/docs/aa-01465" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. 
In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect." + } + ] +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3183.json b/2017/3xxx/CVE-2017-3183.json index 0bd31088263..9ac866fb09d 100644 --- a/2017/3xxx/CVE-2017-3183.json +++ b/2017/3xxx/CVE-2017-3183.json 
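Review bot: `version_value` under `version_data` packs eight version ranges into one comma-separated string that begins `9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6`, so automated version matching cannot evaluate it without custom parsing of the `->` notation. One `version_data` entry per range, for example `{ "version_value": "9.8.0 -> 9.8.8-P1" }`, would let consumers iterate over the affected branches. In the same record, `problemtype` holds a configuration precondition sentence rather than a weakness class, which limits filtering by weakness in the same way.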
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3183", - "STATE" : "PUBLIC", - "TITLE" : "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "XRT Treasury", - "version" : { - "version_data" : [ - { - "affected" : "=", - "version_name" : "3", - "version_value" : "3" - } - ] - } - } - ] - }, - "vendor_name" : "Sage" - } - ] - } - }, - "credit" : [ - { - "lang" : "eng", - "value" : "Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability." - } - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-639" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3183", + "STATE": "PUBLIC", + "TITLE": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "XRT Treasury", + "version": { + "version_data": [ + { + "affected": "=", + "version_name": "3", + "version_value": "3" + } + ] + } + } + ] + }, + "vendor_name": "Sage" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#742632", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/742632" - }, - { - "name" : "96477", - "refsource" : "BID", - "url" : "https://www.securityfocus.com/bid/96477" - } - ] - }, - "solution" : [ - { - "lang" : "eng", - "value" : "The vendor has indicated that XRT Treasury version 4 addresses this issue. Users are encouraged to update to the latest release and to encrypt connections to the database server." - } - ], - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Victor Portal Gonzalez of Deloitte Spain for reporting this vulnerability." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. Sage XRT Treasury is a business finance management application. Database user access privileges are determined by the USER_CODE field associated with the querying user. 
By modifying the USER_CODE value to match that of a privileged user, a low-privileged, authenticated user may gain privileged access to the SQL database. A remote, authenticated user can submit specially crafted SQL queries to gain privileged access to the application database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-639" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#742632", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/742632" + }, + { + "name": "96477", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/96477" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The vendor has indicated that XRT Treasury version 4 addresses this issue. Users are encouraged to update to the latest release and to encrypt connections to the database server." + } + ], + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3369.json b/2017/3xxx/CVE-2017-3369.json index 9f0031c50ea..7b29d54c8b6 100644 --- a/2017/3xxx/CVE-2017-3369.json +++ b/2017/3xxx/CVE-2017-3369.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "iSupport", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95468", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95468" - }, - { - "name" : "1037639", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037639" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95468" + }, + { + "name": "1037639", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037639" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3427.json b/2017/3xxx/CVE-2017-3427.json index 5447ddb891b..c653230e974 100644 --- a/2017/3xxx/CVE-2017-3427.json +++ b/2017/3xxx/CVE-2017-3427.json 
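Review bot: `problemtype` carries a CVSS vector, `"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"`, instead of a weakness description, and the record has no `impact` block. Tooling that reads severity from `impact.cvss` gets nothing, and tooling that reads the weakness class gets a vector string. The CVE-2017-3136 record in this same commit shows the expected shape; here that would be `"impact": { "cvss": { "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "baseScore": 8.2, "version": "3.0" } }`, with `problemtype` left for the assigner to fill. The old side of the CVE-2017-3427 hunk that follows carries the same value; its new side continues past the visible part.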
@@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "One-to-One Fulfillment", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95569" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8307.json b/2017/8xxx/CVE-2017-8307.json index 37003d21d1f..1cbd9c0b370 100644 --- a/2017/8xxx/CVE-2017-8307.json +++ b/2017/8xxx/CVE-2017-8307.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8307", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8307", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201", - "refsource" : "MISC", - "url" : "https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201" - }, - { - "name" : "98086", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98086" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Avast Antivirus before v17, using the LPC interface API exposed by the AvastSVC.exe Windows service, it is possible to launch predefined binaries, or replace or delete arbitrary files. This vulnerability is exploitable by any unprivileged user when Avast Self-Defense is disabled. It is also exploitable in conjunction with CVE-2017-8308 when Avast Self-Defense is enabled. The vulnerability allows for Denial of Service attacks and hiding traces of a possible attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98086", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98086" + }, + { + "name": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201", + "refsource": "MISC", + "url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/Multiple-Vulnerabilities-in-Avast-Antivirus/?fid=9201" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8775.json b/2017/8xxx/CVE-2017-8775.json index 37532f25f83..d31c7107d20 100644 --- a/2017/8xxx/CVE-2017-8775.json +++ b/2017/8xxx/CVE-2017-8775.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://payatu.com/quick-heal-internet-security-memory-corruption-vulnerability-2/", - "refsource" : "MISC", - "url" : "http://payatu.com/quick-heal-internet-security-memory-corruption-vulnerability-2/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://payatu.com/quick-heal-internet-security-memory-corruption-vulnerability-2/", + "refsource": "MISC", + "url": "http://payatu.com/quick-heal-internet-security-memory-corruption-vulnerability-2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10022.json b/2018/10xxx/CVE-2018-10022.json index 7607b7527b7..c1386bd50af 100644 --- a/2018/10xxx/CVE-2018-10022.json +++ b/2018/10xxx/CVE-2018-10022.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10022", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10022", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10202.json b/2018/10xxx/CVE-2018-10202.json index d639de99d1b..4e18bb2bb04 100644 --- a/2018/10xxx/CVE-2018-10202.json +++ b/2018/10xxx/CVE-2018-10202.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10269.json b/2018/10xxx/CVE-2018-10269.json index 23d4212f21f..066149393bc 100644 --- a/2018/10xxx/CVE-2018-10269.json +++ b/2018/10xxx/CVE-2018-10269.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10269", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10269", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12424.json b/2018/12xxx/CVE-2018-12424.json index 0deadadaa40..418009d8b86 100644 --- a/2018/12xxx/CVE-2018-12424.json +++ b/2018/12xxx/CVE-2018-12424.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12535.json b/2018/12xxx/CVE-2018-12535.json index 6c148826493..ad4d4c0a07a 100644 --- a/2018/12xxx/CVE-2018-12535.json +++ b/2018/12xxx/CVE-2018-12535.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12535", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12535", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12669.json b/2018/12xxx/CVE-2018-12669.json index 62621dd967d..16d40a3fc0c 100644 --- a/2018/12xxx/CVE-2018-12669.json +++ b/2018/12xxx/CVE-2018-12669.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12669", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", - "refsource" : "MISC", - "url" : "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B devices allow remote authenticated users to reset arbitrary accounts via a request to web/cgi-bin/hi3510/param.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/", + "refsource": "MISC", + "url": "https://www.bishopfox.com/news/2018/10/sv3c-l-series-hd-camera-multiple-vulnerabilities/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13051.json b/2018/13xxx/CVE-2018-13051.json index edc45a9de8f..058e207c599 100644 --- a/2018/13xxx/CVE-2018-13051.json +++ b/2018/13xxx/CVE-2018-13051.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13051", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13051", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13403.json b/2018/13xxx/CVE-2018-13403.json index d6340229454..29c4310e096 100644 --- a/2018/13xxx/CVE-2018-13403.json +++ b/2018/13xxx/CVE-2018-13403.json 
@@ -1,80 +1,80 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2019-01-18T00:00:00", - "ID" : "CVE-2018-13403", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.10" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.12.4" - }, - { - "version_affected" : ">=", - "version_value" : "7.13.0" - }, - { - "version_affected" : "<", - "version_value" : "7.13.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2019-01-18T00:00:00", + "ID": "CVE-2018-13403", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.10" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.12.4" + }, + { + "version_affected": ">=", + "version_value": "7.13.0" + }, + { + "version_affected": "<", + "version_value": "7.13.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-68526", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-68526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a saved filter when displayed on a Jira dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-68526", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-68526" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/13xxx/CVE-2018-13424.json b/2018/13xxx/CVE-2018-13424.json index 4a648f81ab2..14513fe2b19 100644 --- a/2018/13xxx/CVE-2018-13424.json +++ b/2018/13xxx/CVE-2018-13424.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13424", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13424", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13868.json b/2018/13xxx/CVE-2018-13868.json index e4a86a51d4d..a50916fdf87 100644 --- a/2018/13xxx/CVE-2018-13868.json +++ b/2018/13xxx/CVE-2018-13868.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16517.json b/2018/16xxx/CVE-2018-16517.json index 6e4a6e8d1df..c22ab202108 100644 --- a/2018/16xxx/CVE-2018-16517.json +++ b/2018/16xxx/CVE-2018-16517.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392513" - }, - { - "name" : "https://fakhrizulkifli.github.io/CVE-2018-16517.html", - "refsource" : "MISC", - "url" : "https://fakhrizulkifli.github.io/CVE-2018-16517.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392513" + }, + { + "name": "https://fakhrizulkifli.github.io/CVE-2018-16517.html", + "refsource": "MISC", + "url": "https://fakhrizulkifli.github.io/CVE-2018-16517.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16855.json b/2018/16xxx/CVE-2018-16855.json index 9f2c3d7b0cc..d1c680c236d 100644 --- a/2018/16xxx/CVE-2018-16855.json +++ b/2018/16xxx/CVE-2018-16855.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-16855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "pdns-recursor", - "version" : { - "version_data" : [ - { - "version_value" : "4.1.8" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-16855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "pdns-recursor", + "version": { + "version_data": [ + { + "version_value": "4.1.8" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html", - "refsource" : "MISC", - "url" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", 
+ "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855" + }, + { + "name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html", + "refsource": "MISC", + "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16946.json b/2018/16xxx/CVE-2018-16946.json index 5d8253c405e..7edba308eab 100644 --- a/2018/16xxx/CVE-2018-16946.json +++ b/2018/16xxx/CVE-2018-16946.json 
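Review bot: The `version_data` entry for CVE-2018-16855 still lists `"version_value": "4.1.8"` with no qualifier, while the description says the issue affects PowerDNS Recursor before version 4.1.8. A consumer matching on this field would flag the fixed release and miss the earlier, affected ones. Since this hunk already changes the record's content (the ASSIGNER address), I would add `"version_affected": "<"` beside that value, as the CVE-2018-13403 record in this same commit does. The `vectorString` also keeps the base score as a prefix (`7.5/CVSS:3.0/...`), which a strict CVSS parser would presumably reject; the standard form is `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`. Separately, `vendor_name` is left as `[UNKNOWN]`, so vendor-keyed lookups will not find this record.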
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-16946",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-16946",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "45394",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/45394/"
- },
- {
- "name" : "https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download",
- "refsource" : "MISC",
- "url" : "https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers are able to download /updownload/t.report (aka Log & Report) files and download backup files (via download.php) without authenticating. These backup files contain user credentials and configuration information for the camera device. An attacker is able to discover the backup filename via reading the system logs or report data, or just by brute-forcing the backup filename pattern. It may be possible to authenticate to the admin account with the admin password."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "45394",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/45394/"
+ },
+ {
+ "name": "https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download",
+ "refsource": "MISC",
+ "url": "https://github.com/EgeBalci/LG-Smart-IP-Device-Backup-Download"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17077.json b/2018/17xxx/CVE-2018-17077.json
index 08b90ae1a66..d617dc2995e 100644
--- a/2018/17xxx/CVE-2018-17077.json
+++ b/2018/17xxx/CVE-2018-17077.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17077",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17077",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/wacj1425/yiqicms/issues/1",
- "refsource" : "MISC",
- "url" : "https://github.com/wacj1425/yiqicms/issues/1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/wacj1425/yiqicms/issues/1",
+ "refsource": "MISC",
+ "url": "https://github.com/wacj1425/yiqicms/issues/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17361.json b/2018/17xxx/CVE-2018-17361.json
index c19c892d444..fb7c8f085f7 100644
--- a/2018/17xxx/CVE-2018-17361.json
+++ b/2018/17xxx/CVE-2018-17361.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17361",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17361",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/alterebro/WeaselCMS/issues/7",
- "refsource" : "MISC",
- "url" : "https://github.com/alterebro/WeaselCMS/issues/7"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/alterebro/WeaselCMS/issues/7",
+ "refsource": "MISC",
+ "url": "https://github.com/alterebro/WeaselCMS/issues/7"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17501.json b/2018/17xxx/CVE-2018-17501.json
index 05a6b2178f7..527759066e7 100644
--- a/2018/17xxx/CVE-2018-17501.json
+++ b/2018/17xxx/CVE-2018-17501.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17501",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17501",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file