From e473a155c34fc9b00848fcfe4adb69a70fc37bdd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:17:06 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0073.json | 180 ++++++++++++------------- 2004/0xxx/CVE-2004-0091.json | 160 +++++++++++----------- 2004/0xxx/CVE-2004-0431.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1310.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1334.json | 160 +++++++++++----------- 2004/1xxx/CVE-2004-1354.json | 210 ++++++++++++++--------------- 2004/1xxx/CVE-2004-1906.json | 180 ++++++++++++------------- 2004/1xxx/CVE-2004-1942.json | 160 +++++++++++----------- 2004/2xxx/CVE-2004-2196.json | 220 +++++++++++++++--------------- 2004/2xxx/CVE-2004-2450.json | 150 ++++++++++----------- 2004/2xxx/CVE-2004-2608.json | 150 ++++++++++----------- 2008/2xxx/CVE-2008-2064.json | 180 ++++++++++++------------- 2008/2xxx/CVE-2008-2100.json | 220 +++++++++++++++--------------- 2008/2xxx/CVE-2008-2318.json | 180 ++++++++++++------------- 2008/3xxx/CVE-2008-3240.json | 170 +++++++++++------------ 2008/3xxx/CVE-2008-3400.json | 160 +++++++++++----------- 2008/3xxx/CVE-2008-3564.json | 150 ++++++++++----------- 2008/3xxx/CVE-2008-3852.json | 240 ++++++++++++++++----------------- 2008/6xxx/CVE-2008-6324.json | 140 +++++++++---------- 2008/6xxx/CVE-2008-6473.json | 140 +++++++++---------- 2008/7xxx/CVE-2008-7056.json | 150 ++++++++++----------- 2008/7xxx/CVE-2008-7297.json | 160 +++++++++++----------- 2012/5xxx/CVE-2012-5117.json | 160 +++++++++++----------- 2012/5xxx/CVE-2012-5120.json | 160 +++++++++++----------- 2012/5xxx/CVE-2012-5998.json | 34 ++--- 2017/11xxx/CVE-2017-11117.json | 130 +++++++++--------- 2017/11xxx/CVE-2017-11610.json | 230 +++++++++++++++---------------- 2017/11xxx/CVE-2017-11912.json | 152 ++++++++++----------- 2017/11xxx/CVE-2017-11991.json | 34 ++--- 2017/15xxx/CVE-2017-15071.json | 34 ++--- 2017/15xxx/CVE-2017-15257.json | 120 ++++++++--------- 2017/15xxx/CVE-2017-15630.json | 130 +++++++++--------- 2017/15xxx/CVE-2017-15663.json | 140 +++++++++---------- 2017/8xxx/CVE-2017-8049.json | 34 ++--- 2017/8xxx/CVE-2017-8583.json | 34 ++--- 2018/12xxx/CVE-2018-12036.json | 130 +++++++++--------- 2018/12xxx/CVE-2018-12120.json | 130 +++++++++--------- 2018/12xxx/CVE-2018-12166.json | 122 ++++++++--------- 2018/12xxx/CVE-2018-12902.json | 120 ++++++++--------- 2018/12xxx/CVE-2018-12917.json | 120 ++++++++--------- 2018/13xxx/CVE-2018-13287.json | 34 ++--- 2018/13xxx/CVE-2018-13343.json | 34 ++--- 2018/13xxx/CVE-2018-13793.json | 120 ++++++++--------- 2018/16xxx/CVE-2018-16205.json | 130 +++++++++--------- 2018/16xxx/CVE-2018-16237.json | 120 ++++++++--------- 2018/16xxx/CVE-2018-16385.json | 120 ++++++++--------- 2018/17xxx/CVE-2018-17227.json | 34 ++--- 2018/4xxx/CVE-2018-4125.json | 200 +++++++++++++-------------- 2018/4xxx/CVE-2018-4340.json | 34 ++--- 2018/4xxx/CVE-2018-4381.json | 34 ++--- 2018/4xxx/CVE-2018-4445.json | 34 ++--- 2018/4xxx/CVE-2018-4595.json | 34 ++--- 52 files changed, 3361 insertions(+), 3361 deletions(-) diff --git a/2004/0xxx/CVE-2004-0073.json b/2004/0xxx/CVE-2004-0073.json index b3b234a6e16..302428d400c 100644 --- a/2004/0xxx/CVE-2004-0073.json +++ b/2004/0xxx/CVE-2004-0073.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040102 include() vuln in EasyDynamicPages v.2.0", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107307457327707&w=2" - }, - { - "name" : "9338", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9338" - }, - { - "name" : "3318", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3318" - }, - { - "name" : "3408", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3408" - }, - { - "name" : "1008584", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008584" - }, - { - "name" : "10535", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10535" - }, - { - "name" : "easydynamicpages-php-file-include(14136)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14136" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040102 include() vuln in EasyDynamicPages v.2.0", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107307457327707&w=2" + }, + { + "name": "3318", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3318" + }, + { + "name": "1008584", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008584" + }, + { + "name": "10535", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10535" + }, + { + "name": "3408", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3408" + }, + { + "name": "easydynamicpages-php-file-include(14136)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14136" + }, + { + "name": "9338", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9338" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0091.json b/2004/0xxx/CVE-2004-0091.json index 3587759ccd2..99d01952b5f 100644 --- a/2004/0xxx/CVE-2004-0091.json +++ b/2004/0xxx/CVE-2004-0091.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0091", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying \"There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040120 vBulletin Security Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107462349324945&w=2" - }, - { - "name" : "20040120 vBulletin Security Vulnerability", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=107462499927040&w=2" - }, - { - "name" : "20040120 Re: vBulletin Security Vulnerability", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=107478592401619&w=2" - }, - { - "name" : "20040123 RE: vBulletin Security Vulnerability", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=107488880317647&w=2" - }, - { - "name" : "1008780", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying \"There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040120 vBulletin Security Vulnerability", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=107462499927040&w=2" + }, + { + "name": "1008780", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008780" + }, + { + "name": "20040120 vBulletin Security Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107462349324945&w=2" + }, + { + "name": "20040123 RE: vBulletin Security Vulnerability", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=107488880317647&w=2" + }, + { + "name": "20040120 Re: vBulletin Security Vulnerability", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=107478592401619&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0431.json b/2004/0xxx/CVE-2004-0431.json index e1f6634323c..6a86d0bd6fe 100644 --- a/2004/0xxx/CVE-2004-0431.json +++ b/2004/0xxx/CVE-2004-0431.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0431", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large \"number of entries\" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040502 EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108360110618389&w=2" - }, - { - "name" : "20040502 EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=108356485013237&w=2" - }, - { - "name" : "APPLE-SA-2004-04-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00048.html" - }, - { - "name" : "VU#782958", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/782958" - }, - { - "name" : "quicktime-heap-bo(16026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large \"number of entries\" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-04-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00048.html" + }, + { + "name": "20040502 EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=108356485013237&w=2" + }, + { + "name": "quicktime-heap-bo(16026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16026" + }, + { + "name": "VU#782958", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/782958" + }, + { + "name": "20040502 EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108360110618389&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1310.json b/2004/1xxx/CVE-2004-1310.json index 90502b9122a..58272cc3005 100644 --- a/2004/1xxx/CVE-2004-1310.json +++ b/2004/1xxx/CVE-2004-1310.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041216 MPlayer MMST Streaming Stack Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=167" - }, - { - "name" : "http://www1.mplayerhq.hu/MPlayer/releases/ChangeLog", - "refsource" : "CONFIRM", - "url" : "http://www1.mplayerhq.hu/MPlayer/releases/ChangeLog" - }, - { - "name" : "http://www1.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff", - "refsource" : "CONFIRM", - "url" : "http://www1.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff" - }, - { - "name" : "MDKSA-2004:157", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:157" - }, - { - "name" : "mplayer-mmst-bo(18526)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18526" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www1.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff", + "refsource": "CONFIRM", + "url": "http://www1.mplayerhq.hu/MPlayer/patches/mmst_fix_20041215.diff" + }, + { + "name": "http://www1.mplayerhq.hu/MPlayer/releases/ChangeLog", + "refsource": "CONFIRM", + "url": "http://www1.mplayerhq.hu/MPlayer/releases/ChangeLog" + }, + { + "name": "20041216 MPlayer MMST Streaming Stack Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=167" + }, + { + "name": "mplayer-mmst-bo(18526)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18526" + }, + { + "name": "MDKSA-2004:157", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:157" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1334.json b/2004/1xxx/CVE-2004-1334.json index 9374a86c855..33cc4a95ad7 100644 --- a/2004/1xxx/CVE-2004-1334.json +++ b/2004/1xxx/CVE-2004-1334.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041215 fun with linux kernel", - "refsource" : "FULLDISC", - "url" : "http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html" - }, - { - "name" : "20041215 [USN-47-1] Linux kernel vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110383108211524&w=2" - }, - { - "name" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html" - }, - { - "name" : "11956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11956" - }, - { - "name" : "linux-ipoptionsget-dos(18522)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18522" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20041215 fun with linux kernel", + "refsource": "FULLDISC", + "url": "http://www.securitytrap.com/mail/full-disclosure/2004/Dec/0323.html" + }, + { + "name": "20041215 [USN-47-1] Linux kernel vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110383108211524&w=2" + }, + { + "name": "http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html", + "refsource": "MISC", + "url": "http://www.guninski.com/where_do_you_want_billg_to_go_today_2.html" + }, + { + "name": "11956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11956" + }, + { + "name": "linux-ipoptionsget-dos(18522)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18522" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1354.json b/2004/1xxx/CVE-2004-1354.json index 572e04644f4..33647207c0b 100644 --- a/2004/1xxx/CVE-2004-1354.json +++ b/2004/1xxx/CVE-2004-1354.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1354", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[focus-sun] 20031022 Information disclosure with SMC webserver on Solaris 9", - "refsource" : "MLIST", - "url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-sun/2003-10/0032.html" - }, - { - "name" : "57559", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57559-1&searchclause=%22category:security%22%20%20111313-02" - }, - { - "name" : "ESB-2004.0347", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4105" - }, - { - "name" : "http://spoofed.org/files/text/solaris-smc-advisory.txt", - "refsource" : "MISC", - "url" : "http://spoofed.org/files/text/solaris-smc-advisory.txt" - }, - { - "name" : "8873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8873" - }, - { - "name" : "10349", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10349" - }, - { - "name" : "6119", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=6119" - }, - { - "name" : "oval:org.mitre.oval:def:1482", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1482" - }, - { - "name" : "11616", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11616/" - }, - { - "name" : "smc-dotdot-directory-traversal(16146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57559", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57559-1&searchclause=%22category:security%22%20%20111313-02" + }, + { + "name": "oval:org.mitre.oval:def:1482", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1482" + }, + { + "name": "http://spoofed.org/files/text/solaris-smc-advisory.txt", + "refsource": "MISC", + "url": "http://spoofed.org/files/text/solaris-smc-advisory.txt" + }, + { + "name": "8873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8873" + }, + { + "name": "11616", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11616/" + }, + { + "name": "[focus-sun] 20031022 Information disclosure with SMC webserver on Solaris 9", + "refsource": "MLIST", + "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/focus-sun/2003-10/0032.html" + }, + { + "name": "ESB-2004.0347", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4105" + }, + { + "name": "6119", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=6119" + }, + { + "name": "smc-dotdot-directory-traversal(16146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16146" + }, + { + "name": "10349", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10349" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1906.json b/2004/1xxx/CVE-2004-1906.json index 176490f99b0..720ca674100 100644 --- a/2004/1xxx/CVE-2004-1906.json +++ b/2004/1xxx/CVE-2004-1906.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040407 Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108136872711898&w=2" - }, - { - "name" : "20040407 Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019877.html" - }, - { - "name" : "http://theinsider.deep-ice.com/texts/advisory54.txt", - "refsource" : "MISC", - "url" : "http://theinsider.deep-ice.com/texts/advisory54.txt" - }, - { - "name" : "20040407 Symantec, McAfee and Panda ActiveX controls", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019891.html" - }, - { - "name" : "10071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10071" - }, - { - "name" : "11313", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11313" - }, - { - "name" : "freescan-mcfscan-bo(15772)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040407 Symantec, McAfee and Panda ActiveX controls", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019891.html" + }, + { + "name": "10071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10071" + }, + { + "name": "http://theinsider.deep-ice.com/texts/advisory54.txt", + "refsource": "MISC", + "url": "http://theinsider.deep-ice.com/texts/advisory54.txt" + }, + { + "name": "freescan-mcfscan-bo(15772)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15772" + }, + { + "name": "20040407 Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108136872711898&w=2" + }, + { + "name": "20040407 Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019877.html" + }, + { + "name": "11313", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11313" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1942.json b/2004/1xxx/CVE-2004-1942.json index ee9b1e743c9..6f57b3728ac 100644 --- a/2004/1xxx/CVE-2004-1942.json +++ b/2004/1xxx/CVE-2004-1942.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1942", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1942", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040419 Solaris 9 patch 113579-03 introduces a NIS security bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108241638500417&w=2" - }, - { - "name" : "57554", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1" - }, - { - "name" : "O-144", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-144.shtml" - }, - { - "name" : "10261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10261" - }, - { - "name" : "solaris-nis-unauth-privileges(15908)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040419 Solaris 9 patch 113579-03 introduces a NIS security bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108241638500417&w=2" + }, + { + "name": "O-144", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-144.shtml" + }, + { + "name": "10261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10261" + }, + { + "name": "57554", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57554-1" + }, + { + "name": "solaris-nis-unauth-privileges(15908)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15908" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2196.json b/2004/2xxx/CVE-2004-2196.json index 6f99d9e6dfc..0d7eb44538b 100644 --- a/2004/2xxx/CVE-2004-2196.json +++ b/2004/2xxx/CVE-2004-2196.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041011 Multiple vulnerabilities in ZanfiCmsLite", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/378053" - }, - { - "name" : "http://www.zanfi.nl/index1.php?flag=cmslite", - "refsource" : "MISC", - "url" : "http://www.zanfi.nl/index1.php?flag=cmslite" - }, - { - "name" : "10677", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10677" - }, - { - "name" : "10678", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10678" - }, - { - "name" : "10679", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10679" - }, - { - "name" : "10680", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10680" - }, - { - "name" : "10681", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10681" - }, - { - "name" : "10682", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10682" - }, - { - "name" : "1011612", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011612" - }, - { - "name" : "12792", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12792" - }, - { - "name" : "zanficmslite-error-path-disclosure(17687)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10679", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10679" + }, + { + "name": "12792", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12792" + }, + { + "name": "10678", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10678" + }, + { + "name": "zanficmslite-error-path-disclosure(17687)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687" + }, + { + "name": "1011612", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011612" + }, + { + "name": "10682", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10682" + }, + { + "name": "10680", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10680" + }, + { + "name": "http://www.zanfi.nl/index1.php?flag=cmslite", + "refsource": "MISC", + "url": "http://www.zanfi.nl/index1.php?flag=cmslite" + }, + { + "name": "10677", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10677" + }, + { + "name": "20041011 Multiple vulnerabilities in ZanfiCmsLite", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/378053" + }, + { + "name": "10681", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10681" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2450.json b/2004/2xxx/CVE-2004-2450.json index f57b1fe1d66..d7c04f9cdd8 100644 --- a/2004/2xxx/CVE-2004-2450.json +++ b/2004/2xxx/CVE-2004-2450.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040331 RogerWilco: new funny bugs", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html" - }, - { - "name" : "10024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10024" - }, - { - "name" : "11270", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11270" - }, - { - "name" : "roger-wilco-obtain-information(15816)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040331 RogerWilco: new funny bugs", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0352.html" + }, + { + "name": "roger-wilco-obtain-information(15816)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15816" + }, + { + "name": "11270", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11270" + }, + { + "name": "10024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10024" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2608.json b/2004/2xxx/CVE-2004-2608.json index 2f6acb7c949..ddea7402ddd 100644 --- a/2004/2xxx/CVE-2004-2608.json +++ b/2004/2xxx/CVE-2004-2608.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the \"news database\") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "9363", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9363" - }, - { - "name" : "1011084", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011084" - }, - { - "name" : "12401", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12401" - }, - { - "name" : "smart-guestbook-database-file-access(17146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the \"news database\") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9363", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9363" + }, + { + "name": "12401", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12401" + }, + { + "name": "smart-guestbook-database-file-access(17146)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17146" + }, + { + "name": "1011084", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011084" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2064.json b/2008/2xxx/CVE-2008-2064.json index 40510c55cbb..bebf4bd21da 100644 --- a/2008/2xxx/CVE-2008-2064.json +++ b/2008/2xxx/CVE-2008-2064.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2064", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to \"a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2064", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?group_id=55456&release_id=595222", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?group_id=55456&release_id=595222" - }, - { - "name" : "http://www.phpgedview.net/", - "refsource" : "CONFIRM", - "url" : "http://www.phpgedview.net/" - }, - { - "name" : "DSA-1580", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1580" - }, - { - "name" : "28978", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28978" - }, - { - "name" : "29989", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29989" - }, - { - "name" : "30256", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30256" - }, - { - "name" : "phpgedview-unspecified-code-execution(42085)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to \"a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-1580", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1580" + }, + { + "name": "28978", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28978" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?group_id=55456&release_id=595222", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?group_id=55456&release_id=595222" + }, + { + "name": "30256", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30256" + }, + { + "name": "29989", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29989" + }, + { + "name": "http://www.phpgedview.net/", + "refsource": "CONFIRM", + "url": "http://www.phpgedview.net/" + }, + { + "name": "phpgedview-unspecified-code-execution(42085)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42085" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2100.json b/2008/2xxx/CVE-2008-2100.json index 55b34b8e900..36c54828a92 100644 --- a/2008/2xxx/CVE-2008-2100.json +++ b/2008/2xxx/CVE-2008-2100.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493080/100/0/threaded" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "29552", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29552" - }, - { - "name" : "oval:org.mitre.oval:def:5081", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081" - }, - { - "name" : "oval:org.mitre.oval:def:5647", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647" - }, - { - "name" : "ADV-2008-1744", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1744" - }, - { - "name" : "1020200", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020200" - }, - { - "name" : "30556", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30556" - }, - { - "name" : "3922", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3922" - }, - { - "name" : "vmware-vixapi-multiple-unspecified-bo(42872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on VMware Workstation 5.x and 6.x, VMware Player 1.x and 2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, and VMware ESX 3.0.1 through 3.5 allow guest OS users to execute arbitrary code on the host OS via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "ADV-2008-1744", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1744" + }, + { + "name": "1020200", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020200" + }, + { + "name": "vmware-vixapi-multiple-unspecified-bo(42872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42872" + }, + { + "name": "oval:org.mitre.oval:def:5647", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5647" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2008-0009.html" + }, + { + "name": "30556", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30556" + }, + { + "name": "oval:org.mitre.oval:def:5081", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5081" + }, + { + "name": "29552", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29552" + }, + { + "name": "20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493080/100/0/threaded" + }, + { + "name": "3922", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3922" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2318.json b/2008/2xxx/CVE-2008-2318.json index 8d3b73ad5fc..188f75d56af 100644 --- a/2008/2xxx/CVE-2008-2318.json +++ b/2008/2xxx/CVE-2008-2318.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2318", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2318", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT2352", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2352" - }, - { - "name" : "APPLE-SA-2008-07-11", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html" - }, - { - "name" : "30191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30191" - }, - { - "name" : "ADV-2008-2093", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2093/references" - }, - { - "name" : "1020473", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020473" - }, - { - "name" : "31060", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31060" - }, - { - "name" : "apple-xcode-webobjects-info-disclosure(43735)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43735" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apple-xcode-webobjects-info-disclosure(43735)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43735" + }, + { + "name": "1020473", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020473" + }, + { + "name": "30191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30191" + }, + { + "name": "APPLE-SA-2008-07-11", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html" + }, + { + "name": "http://support.apple.com/kb/HT2352", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2352" + }, + { + "name": "ADV-2008-2093", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2093/references" + }, + { + "name": "31060", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31060" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3240.json b/2008/3xxx/CVE-2008-3240.json index c3307ea74a2..867154ba662 100644 --- a/2008/3xxx/CVE-2008-3240.json +++ b/2008/3xxx/CVE-2008-3240.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3240", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6087", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6087" - }, - { - "name" : "30259", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30259" - }, - { - "name" : "ADV-2008-2122", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2122/references" - }, - { - "name" : "31112", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31112" - }, - { - "name" : "4016", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4016" - }, - { - "name" : "alstrasoft-pgm-sql-injection(43848)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43848" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4016", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4016" + }, + { + "name": "30259", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30259" + }, + { + "name": "alstrasoft-pgm-sql-injection(43848)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43848" + }, + { + "name": "6087", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6087" + }, + { + "name": "31112", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31112" + }, + { + "name": "ADV-2008-2122", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2122/references" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3400.json b/2008/3xxx/CVE-2008-3400.json index d8d1ee2db36..2339b4df489 100644 --- a/2008/3xxx/CVE-2008-3400.json +++ b/2008/3xxx/CVE-2008-3400.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494754/100/0/threaded" - }, - { - "name" : "6131", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6131" - }, - { - "name" : "31233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31233" - }, - { - "name" : "4081", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4081" - }, - { - "name" : "xrmscrm-info-info-disclosure(43995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6131", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6131" + }, + { + "name": "31233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31233" + }, + { + "name": "xrmscrm-info-info-disclosure(43995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43995" + }, + { + "name": "20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/494754/100/0/threaded" + }, + { + "name": "4081", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4081" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3564.json b/2008/3xxx/CVE-2008-3564.json index 4ab65c3c57b..fe0e27b0481 100644 --- a/2008/3xxx/CVE-2008-3564.json +++ b/2008/3xxx/CVE-2008-3564.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6203", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6203" - }, - { - "name" : "30538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30538" - }, - { - "name" : "4122", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4122" - }, - { - "name" : "dayfoxblog-cat-archive-file-include(44203)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44203" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in index.php in Dayfox Blog 4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) p, (2) cat, and (3) archive parameters. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dayfoxblog-cat-archive-file-include(44203)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44203" + }, + { + "name": "6203", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6203" + }, + { + "name": "30538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30538" + }, + { + "name": "4122", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4122" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3852.json b/2008/3xxx/CVE-2008-3852.json index e0cee8f28ed..b38db2c2abb 100644 --- a/2008/3xxx/CVE-2008-3852.json +++ b/2008/3xxx/CVE-2008-3852.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080916 Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496405/100/0/threaded" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21293566", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21293566" - }, - { - "name" : "JR28432", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1JR28432" - }, - { - "name" : "JR28431", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1JR28431" - }, - { - "name" : "29601", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29601" - }, - { - "name" : "ADV-2008-1769", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1769" - }, - { - "name" : "ADV-2008-2445", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2445" - }, - { - "name" : "1020761", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020761" - }, - { - "name" : "30558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30558" - }, - { - "name" : "31635", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31635" - }, - { - "name" : "ibm-db2-clr-unspecified(42927)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42927" - }, - { - "name" : "ibm-db2-clr-visualstudio-unspecified(44697)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21255607" + }, + { + "name": "JR28432", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR28432" + }, + { + "name": "1020761", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020761" + }, + { + "name": "20080916 Team SHATTER Security Advisory: Security Vulnerability in CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496405/100/0/threaded" + }, + { + "name": "JR28431", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR28431" + }, + { + "name": "ibm-db2-clr-visualstudio-unspecified(44697)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44697" + }, + { + "name": "ADV-2008-1769", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1769" + }, + { + "name": "29601", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29601" + }, + { + "name": "ADV-2008-2445", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2445" + }, + { + "name": "31635", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31635" + }, + { + "name": "ibm-db2-clr-unspecified(42927)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42927" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21293566", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21293566" + }, + { + "name": "30558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30558" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6324.json b/2008/6xxx/CVE-2008-6324.json index c52d7a73e14..f315de73093 100644 --- a/2008/6xxx/CVE-2008-6324.json +++ b/2008/6xxx/CVE-2008-6324.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7416", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7416" - }, - { - "name" : "32767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32767" - }, - { - "name" : "33064", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33064" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33064", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33064" + }, + { + "name": "7416", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7416" + }, + { + "name": "32767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32767" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6473.json b/2008/6xxx/CVE-2008-6473.json index ed3d232497a..e9f71eef562 100644 --- a/2008/6xxx/CVE-2008-6473.json +++ b/2008/6xxx/CVE-2008-6473.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified \"a\" parameter with a \"%\" wildcard symbol in the b parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080405 Blogator-script 0.95 Change User Password Vulnerbility", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/490501/100/0/threaded" - }, - { - "name" : "5370", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5370" - }, - { - "name" : "51227", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51227" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "_blogadata/include/init_pass2.php in Blogator-script 0.95 allows remote attackers to change the password for arbitrary users via a modified \"a\" parameter with a \"%\" wildcard symbol in the b parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5370", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5370" + }, + { + "name": "20080405 Blogator-script 0.95 Change User Password Vulnerbility", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/490501/100/0/threaded" + }, + { + "name": "51227", + "refsource": "OSVDB", + "url": "http://osvdb.org/51227" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7056.json b/2008/7xxx/CVE-2008-7056.json index 5b5f0c136b6..d8b66e95fa9 100644 --- a/2008/7xxx/CVE-2008-7056.json +++ b/2008/7xxx/CVE-2008-7056.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7056", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7056", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6286", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6286" - }, - { - "name" : "30788", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30788" - }, - { - "name" : "21992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21992" - }, - { - "name" : "bandsitecms-phpmydump-info-disclosure(44588)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44588" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "21992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21992" + }, + { + "name": "30788", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30788" + }, + { + "name": "6286", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6286" + }, + { + "name": "bandsitecms-phpmydump-info-disclosure(44588)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44588" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7297.json b/2008/7xxx/CVE-2008-7297.json index 32e88310c9b..5b5379c26c0 100644 --- a/2008/7xxx/CVE-2008-7297.json +++ b/2008/7xxx/CVE-2008-7297.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7297", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7297", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", - "refsource" : "MISC", - "url" : "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" - }, - { - "name" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", - "refsource" : "MISC", - "url" : "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" - }, - { - "name" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", - "refsource" : "MISC", - "url" : "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", - "refsource" : "MISC", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a \"cookie forcing\" issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html", + "refsource": "MISC", + "url": "http://michael-coates.blogspot.com/2010/01/cookie-forcing-trust-your-cookies-no.html" + }, + { + "name": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies", + "refsource": "MISC", + "url": "http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_cookies" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2011/02/some-less-obvious-benefits-of-hsts.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053", + "refsource": "MISC", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660053" + }, + { + "name": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html", + "refsource": "MISC", + "url": "http://scarybeastsecurity.blogspot.com/2008/11/cookie-forcing.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5117.json b/2012/5xxx/CVE-2012-5117.json index 4b84cfdb1dc..5930ed126e3 100644 --- a/2012/5xxx/CVE-2012-5117.json +++ b/2012/5xxx/CVE-2012-5117.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=145915", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=145915" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87076", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87076" - }, - { - "name" : "oval:org.mitre.oval:def:15912", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15912" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15912", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15912" + }, + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=145915", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=145915" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + }, + { + "name": "87076", + "refsource": "OSVDB", + "url": "http://osvdb.org/87076" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5120.json b/2012/5xxx/CVE-2012-5120.json index 783cf842c42..e3926c40d44 100644 --- a/2012/5xxx/CVE-2012-5120.json +++ b/2012/5xxx/CVE-2012-5120.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=150729", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=150729" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87085", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87085" - }, - { - "name" : "chrome-cve20125120-code-exec(79867)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.64, on 64-bit Linux platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to an array." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=150729", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=150729" + }, + { + "name": "87085", + "refsource": "OSVDB", + "url": "http://osvdb.org/87085" + }, + { + "name": "chrome-cve20125120-code-exec(79867)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79867" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5998.json b/2012/5xxx/CVE-2012-5998.json index 698dd25217b..a3478ed208b 100644 --- a/2012/5xxx/CVE-2012-5998.json +++ b/2012/5xxx/CVE-2012-5998.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5998", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5998", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11117.json b/2017/11xxx/CVE-2017-11117.json index 0acc6d61497..49b5e86fb43 100644 --- a/2017/11xxx/CVE-2017-11117.json +++ b/2017/11xxx/CVE-2017-11117.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/77", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/77" - }, - { - "name" : "https://sourceforge.net/p/openexif/bugs/18/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/openexif/bugs/18/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted jpg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/openexif/bugs/18/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/openexif/bugs/18/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/77", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/77" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11610.json b/2017/11xxx/CVE-2017-11610.json index 62967de9e03..11c721c3fa2 100644 --- a/2017/11xxx/CVE-2017-11610.json +++ b/2017/11xxx/CVE-2017-11610.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42779", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42779/" - }, - { - "name" : "https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt" - }, - { - "name" : "https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt" - }, - { - "name" : "https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt" - }, - { - "name" : "https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt" - }, - { - "name" : "https://github.com/Supervisor/supervisor/issues/964", - "refsource" : "CONFIRM", - "url" : "https://github.com/Supervisor/supervisor/issues/964" - }, - { - "name" : "DSA-3942", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3942" - }, - { - "name" : "FEDORA-2017-307eab89e1", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/" - }, - { - "name" : "FEDORA-2017-713430fb15", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/" - }, - { - "name" : "FEDORA-2017-85eb9f7a36", - "refsource" : "FEDORA", - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/" - }, - { - "name" : "GLSA-201709-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-06" - }, - { - "name" : "RHSA-2017:3005", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3005" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:3005", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3005" + }, + { + "name": "https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/Supervisor/supervisor/blob/3.3.3/CHANGES.txt" + }, + { + "name": "https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/Supervisor/supervisor/blob/3.0.1/CHANGES.txt" + }, + { + "name": "https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/Supervisor/supervisor/blob/3.2.4/CHANGES.txt" + }, + { + "name": "FEDORA-2017-307eab89e1", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/" + }, + { + "name": "FEDORA-2017-85eb9f7a36", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/" + }, + { + "name": "https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt" + }, + { + "name": "FEDORA-2017-713430fb15", + "refsource": "FEDORA", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/" + }, + { + "name": "DSA-3942", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3942" + }, + { + "name": "https://github.com/Supervisor/supervisor/issues/964", + "refsource": "CONFIRM", + "url": "https://github.com/Supervisor/supervisor/issues/964" + }, + { + "name": "42779", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42779/" + }, + { + "name": "GLSA-201709-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-06" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11912.json b/2017/11xxx/CVE-2017-11912.json index 2d8a51e5d5e..722a02a5ac4 100644 --- a/2017/11xxx/CVE-2017-11912.json +++ b/2017/11xxx/CVE-2017-11912.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11912", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11912", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ChakraCore, Microsoft Edge, Internet Explorer", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912" - }, - { - "name" : "102092", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102092" - }, - { - "name" : "1039990", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039990" - }, - { - "name" : "1039991", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039991" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11912" + }, + { + "name": "102092", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102092" + }, + { + "name": "1039990", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039990" + }, + { + "name": "1039991", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039991" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11991.json b/2017/11xxx/CVE-2017-11991.json index 606561424fb..2e0b0459aa8 100644 --- a/2017/11xxx/CVE-2017-11991.json +++ b/2017/11xxx/CVE-2017-11991.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11991", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11991", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15071.json b/2017/15xxx/CVE-2017-15071.json index b28963fb1d2..dd37ae15e95 100644 --- a/2017/15xxx/CVE-2017-15071.json +++ b/2017/15xxx/CVE-2017-15071.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15071", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15071", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15257.json b/2017/15xxx/CVE-2017-15257.json index 560c493f74b..f51d1e9c6c7 100644 --- a/2017/15xxx/CVE-2017-15257.json +++ b/2017/15xxx/CVE-2017-15257.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15257", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15257" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000000000009174a.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15257", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15257" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15630.json b/2017/15xxx/CVE-2017-15630.json index 67c1a51cdc1..adfe318ea1c 100644 --- a/2017/15xxx/CVE-2017-15630.json +++ b/2017/15xxx/CVE-2017-15630.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15630", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-remotesubnet variable in the pptp_client.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15663.json b/2017/15xxx/CVE-2017-15663.json index eefd0ba9f66..e19246b0058 100644 --- a/2017/15xxx/CVE-2017-15663.json +++ b/2017/15xxx/CVE-2017-15663.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15663", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43452", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43452/" - }, - { - "name" : "43589", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43589/" - }, - { - "name" : "http://packetstormsecurity.com/files/145763/Disk-Pulse-Enterprise-10.1.18-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/145763/Disk-Pulse-Enterprise-10.1.18-Denial-Of-Service.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/145763/Disk-Pulse-Enterprise-10.1.18-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/145763/Disk-Pulse-Enterprise-10.1.18-Denial-Of-Service.html" + }, + { + "name": "43589", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43589/" + }, + { + "name": "43452", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43452/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8049.json b/2017/8xxx/CVE-2017-8049.json index 066c887f085..c560e9f0919 100644 --- a/2017/8xxx/CVE-2017-8049.json +++ b/2017/8xxx/CVE-2017-8049.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8049", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8049", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8583.json b/2017/8xxx/CVE-2017-8583.json index 1d12d2d02a5..6d16cf65f6e 100644 --- a/2017/8xxx/CVE-2017-8583.json +++ b/2017/8xxx/CVE-2017-8583.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8583", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8583", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12036.json b/2018/12xxx/CVE-2018-12036.json index 1db018cb847..bc5d9ff2cba 100644 --- a/2018/12xxx/CVE-2018-12036.json +++ b/2018/12xxx/CVE-2018-12036.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12036", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21", - "refsource" : "MISC", - "url" : "https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21" - }, - { - "name" : "https://github.com/snyk/zip-slip-vulnerability", - "refsource" : "MISC", - "url" : "https://github.com/snyk/zip-slip-vulnerability" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21", + "refsource": "MISC", + "url": "https://github.com/jeremylong/DependencyCheck/blob/master/RELEASE_NOTES.md#version-320-2018-05-21" + }, + { + "name": "https://github.com/snyk/zip-slip-vulnerability", + "refsource": "MISC", + "url": "https://github.com/snyk/zip-slip-vulnerability" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12120.json b/2018/12xxx/CVE-2018-12120.json index edd5a598ccc..faa500f45b7 100644 --- a/2018/12xxx/CVE-2018-12120.json +++ b/2018/12xxx/CVE-2018-12120.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-request@iojs.org", - "ID" : "CVE-2018-12120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Node.js", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to Node.js 6.15.0" - } - ] - } - } - ] - }, - "vendor_name" : "The Node.js Project" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-419: Unprotected Primary Channel" - } + "CVE_data_meta": { + "ASSIGNER": "cve-request@iojs.org", + "ID": "CVE-2018-12120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Node.js", + "version": { + "version_data": [ + { + "version_value": "All versions prior to Node.js 6.15.0" + } + ] + } + } + ] + }, + "vendor_name": "The Node.js Project" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", - "refsource" : "CONFIRM", - "url" : "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" - }, - { - "name" : "106040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-419: Unprotected Primary Channel" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/", + "refsource": "CONFIRM", + "url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/" + }, + { + "name": "106040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106040" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12166.json b/2018/12xxx/CVE-2018-12166.json index f3e2ddf32ac..2aa8277e68c 100644 --- a/2018/12xxx/CVE-2018-12166.json +++ b/2018/12xxx/CVE-2018-12166.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@intel.com", - "DATE_PUBLIC" : "2019-01-08T00:00:00", - "ID" : "CVE-2018-12166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intel(R) Optane(TM) SSD DC P4800X", - "version" : { - "version_data" : [ - { - "version_value" : "before version E2010435." - } - ] - } - } - ] - }, - "vendor_name" : "Intel Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "secure@intel.com", + "DATE_PUBLIC": "2019-01-08T00:00:00", + "ID": "CVE-2018-12166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intel(R) Optane(TM) SSD DC P4800X", + "version": { + "version_data": [ + { + "version_value": "before version E2010435." + } + ] + } + } + ] + }, + "vendor_name": "Intel Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html", - "refsource" : "CONFIRM", - "url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html", + "refsource": "CONFIRM", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12902.json b/2018/12xxx/CVE-2018-12902.json index 3ba433e5f41..6bd7320f0f9 100644 --- a/2018/12xxx/CVE-2018-12902.json +++ b/2018/12xxx/CVE-2018-12902.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12902", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12902", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md", - "refsource" : "MISC", - "url" : "https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md", + "refsource": "MISC", + "url": "https://github.com/lzlzh2016/easymagazine/blob/master/xx1.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12917.json b/2018/12xxx/CVE-2018-12917.json index 1056c6e5198..4f38aa92376 100644 --- a/2018/12xxx/CVE-2018-12917.json +++ b/2018/12xxx/CVE-2018-12917.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/119", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/119" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/119", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/119" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13287.json b/2018/13xxx/CVE-2018-13287.json index 22cbf345f0b..d507c2b4620 100644 --- a/2018/13xxx/CVE-2018-13287.json +++ b/2018/13xxx/CVE-2018-13287.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13287", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13287", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13343.json b/2018/13xxx/CVE-2018-13343.json index 64636634e77..1eb6b663dcb 100644 --- a/2018/13xxx/CVE-2018-13343.json +++ b/2018/13xxx/CVE-2018-13343.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13343", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13343", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13793.json b/2018/13xxx/CVE-2018-13793.json index 5b636ab256c..180b9fbddba 100644 --- a/2018/13xxx/CVE-2018-13793.json +++ b/2018/13xxx/CVE-2018-13793.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf", - "refsource" : "MISC", - "url" : "http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf", + "refsource": "MISC", + "url": "http://abbyydownloads.com/fc12/PreviousReleaseNotes/ReleaseNotes_FC12_R1_U3_1299.18_build_12.0.1.516.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16205.json b/2018/16xxx/CVE-2018-16205.json index a058da5a478..4f164760702 100644 --- a/2018/16xxx/CVE-2018-16205.json +++ b/2018/16xxx/CVE-2018-16205.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2018-16205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "GROWI", - "version" : { - "version_data" : [ - { - "version_value" : "v3.2.3 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "WESEEK, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2018-16205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GROWI", + "version": { + "version_data": [ + { + "version_value": "v3.2.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WESEEK, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/", - "refsource" : "MISC", - "url" : "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/" - }, - { - "name" : "JVN#96493183", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN96493183/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via New Page modal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#96493183", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN96493183/index.html" + }, + { + "name": "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/", + "refsource": "MISC", + "url": "https://weseek.co.jp/security/2018/12/25/growi-prevent-xss2/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16237.json b/2018/16xxx/CVE-2018-16237.json index d7080adb474..616acf092a0 100644 --- a/2018/16xxx/CVE-2018-16237.json +++ b/2018/16xxx/CVE-2018-16237.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16237", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/howchen/howchen/issues/2", - "refsource" : "MISC", - "url" : "https://github.com/howchen/howchen/issues/2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in damiCMS V6.0.1. There is Directory Traversal via '|' characters in the s parameter to admin.php, as demonstrated by an admin.php?s=Tpl/Add/id/c:|windows|win.ini URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/howchen/howchen/issues/2", + "refsource": "MISC", + "url": "https://github.com/howchen/howchen/issues/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16385.json b/2018/16xxx/CVE-2018-16385.json index 98a4c20e871..01138774ccc 100644 --- a/2018/16xxx/CVE-2018-16385.json +++ b/2018/16xxx/CVE-2018-16385.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/top-think/framework/issues/1375", - "refsource" : "MISC", - "url" : "https://github.com/top-think/framework/issues/1375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/top-think/framework/issues/1375", + "refsource": "MISC", + "url": "https://github.com/top-think/framework/issues/1375" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17227.json b/2018/17xxx/CVE-2018-17227.json index 930cdeda7b9..0e118e95b7d 100644 --- a/2018/17xxx/CVE-2018-17227.json +++ b/2018/17xxx/CVE-2018-17227.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17227", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17227", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4125.json b/2018/4xxx/CVE-2018-4125.json index dadb7063b4c..81ba51c952f 100644 --- a/2018/4xxx/CVE-2018-4125.json +++ b/2018/4xxx/CVE-2018-4125.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2018-4125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2018-4125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208693", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208693" - }, - { - "name" : "https://support.apple.com/HT208694", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208694" - }, - { - "name" : "https://support.apple.com/HT208695", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208695" - }, - { - "name" : "https://support.apple.com/HT208696", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208696" - }, - { - "name" : "https://support.apple.com/HT208697", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208697" - }, - { - "name" : "https://support.apple.com/HT208698", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208698" - }, - { - "name" : "GLSA-201808-04", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201808-04" - }, - { - "name" : "USN-3635-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3635-1/" - }, - { - "name" : "1040604", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040604" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1040604", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040604" + }, + { + "name": "https://support.apple.com/HT208698", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208698" + }, + { + "name": "GLSA-201808-04", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201808-04" + }, + { + "name": "https://support.apple.com/HT208696", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208696" + }, + { + "name": "https://support.apple.com/HT208693", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208693" + }, + { + "name": "https://support.apple.com/HT208694", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208694" + }, + { + "name": "https://support.apple.com/HT208697", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208697" + }, + { + "name": "USN-3635-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3635-1/" + }, + { + "name": "https://support.apple.com/HT208695", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208695" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4340.json b/2018/4xxx/CVE-2018-4340.json index f22adb7669f..67954bd423b 100644 --- a/2018/4xxx/CVE-2018-4340.json +++ b/2018/4xxx/CVE-2018-4340.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4340", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4340", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4381.json b/2018/4xxx/CVE-2018-4381.json index d8ed731351f..5a746bd9c0d 100644 --- a/2018/4xxx/CVE-2018-4381.json +++ b/2018/4xxx/CVE-2018-4381.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4381", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4381", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4445.json b/2018/4xxx/CVE-2018-4445.json index 56f10983114..bec77ee116e 100644 --- a/2018/4xxx/CVE-2018-4445.json +++ b/2018/4xxx/CVE-2018-4445.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4445", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4445", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4595.json b/2018/4xxx/CVE-2018-4595.json index 0f50fa02276..c2bc5be38df 100644 --- a/2018/4xxx/CVE-2018-4595.json +++ b/2018/4xxx/CVE-2018-4595.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4595", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4595", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file