From f01fd78ee5bc9b4378f2899c23f5e8e02b6d06be Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 04:09:46 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0400.json | 160 +++++++++++++------------- 2004/0xxx/CVE-2004-0475.json | 140 +++++++++++------------ 2004/0xxx/CVE-2004-0749.json | 160 +++++++++++++------------- 2004/1xxx/CVE-2004-1439.json | 170 ++++++++++++++-------------- 2004/1xxx/CVE-2004-1559.json | 160 +++++++++++++------------- 2004/1xxx/CVE-2004-1749.json | 150 ++++++++++++------------- 2004/1xxx/CVE-2004-1766.json | 190 +++++++++++++++---------------- 2004/1xxx/CVE-2004-1937.json | 170 ++++++++++++++-------------- 2004/1xxx/CVE-2004-1941.json | 180 ++++++++++++++--------------- 2004/2xxx/CVE-2004-2079.json | 190 +++++++++++++++---------------- 2004/2xxx/CVE-2004-2168.json | 160 +++++++++++++------------- 2004/2xxx/CVE-2004-2707.json | 160 +++++++++++++------------- 2008/2xxx/CVE-2008-2068.json | 140 +++++++++++------------ 2008/2xxx/CVE-2008-2118.json | 150 ++++++++++++------------- 2008/2xxx/CVE-2008-2210.json | 160 +++++++++++++------------- 2008/2xxx/CVE-2008-2758.json | 170 ++++++++++++++-------------- 2008/3xxx/CVE-2008-3616.json | 180 ++++++++++++++--------------- 2008/6xxx/CVE-2008-6591.json | 160 +++++++++++++------------- 2008/6xxx/CVE-2008-6797.json | 140 +++++++++++------------ 2008/6xxx/CVE-2008-6869.json | 140 +++++++++++------------ 2008/6xxx/CVE-2008-6926.json | 200 ++++++++++++++++----------------- 2008/7xxx/CVE-2008-7086.json | 140 +++++++++++------------ 2012/5xxx/CVE-2012-5194.json | 34 +++--- 2012/5xxx/CVE-2012-5828.json | 34 +++--- 2017/11xxx/CVE-2017-11036.json | 34 +++--- 2017/11xxx/CVE-2017-11321.json | 130 ++++++++++----------- 2017/11xxx/CVE-2017-11902.json | 34 +++--- 2017/11xxx/CVE-2017-11936.json | 142 +++++++++++------------ 2017/14xxx/CVE-2017-14054.json | 140 +++++++++++------------ 2017/14xxx/CVE-2017-14433.json | 122 ++++++++++---------- 2017/14xxx/CVE-2017-14893.json | 132 +++++++++++----------- 2017/15xxx/CVE-2017-15066.json | 34 +++--- 2017/15xxx/CVE-2017-15131.json | 132 +++++++++++----------- 2017/15xxx/CVE-2017-15442.json | 34 +++--- 2017/15xxx/CVE-2017-15635.json | 130 ++++++++++----------- 2017/15xxx/CVE-2017-15780.json | 120 ++++++++++---------- 2017/8xxx/CVE-2017-8186.json | 122 ++++++++++---------- 2017/8xxx/CVE-2017-8471.json | 150 ++++++++++++------------- 2018/12xxx/CVE-2018-12089.json | 120 ++++++++++---------- 2018/12xxx/CVE-2018-12094.json | 130 ++++++++++----------- 2018/12xxx/CVE-2018-12867.json | 140 +++++++++++------------ 2018/13xxx/CVE-2018-13104.json | 83 +++++++++++--- 2018/13xxx/CVE-2018-13644.json | 130 ++++++++++----------- 2018/16xxx/CVE-2018-16419.json | 140 +++++++++++------------ 2018/16xxx/CVE-2018-16503.json | 34 +++--- 2018/16xxx/CVE-2018-16898.json | 34 +++--- 2018/17xxx/CVE-2018-17084.json | 34 +++--- 2018/4xxx/CVE-2018-4338.json | 34 +++--- 2018/4xxx/CVE-2018-4438.json | 34 +++--- 2018/4xxx/CVE-2018-4624.json | 34 +++--- 50 files changed, 3045 insertions(+), 2996 deletions(-) diff --git a/2004/0xxx/CVE-2004-0400.json b/2004/0xxx/CVE-2004-0400.json index 9b366d65f6c..190ce1f726b 100644 --- a/2004/0xxx/CVE-2004-0400.json +++ b/2004/0xxx/CVE-2004-0400.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040506 Buffer overflows in exim, yet still exim much better than windows", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html" - }, - { - "name" : "http://www.guninski.com/exim1.html", - "refsource" : "MISC", - "url" : "http://www.guninski.com/exim1.html" - }, - { - "name" : "DSA-501", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-501" - }, - { - "name" : "DSA-502", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-502" - }, - { - "name" : "exim-headerschecksyntax-bo(16077)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16077" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-502", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-502" + }, + { + "name": "DSA-501", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-501" + }, + { + "name": "20040506 Buffer overflows in exim, yet still exim much better than windows", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021015.html" + }, + { + "name": "http://www.guninski.com/exim1.html", + "refsource": "MISC", + "url": "http://www.guninski.com/exim1.html" + }, + { + "name": "exim-headerschecksyntax-bo(16077)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16077" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0475.json b/2004/0xxx/CVE-2004-0475.json index 1df424aa0f5..d69c5dfe92a 100644 --- a/2004/0xxx/CVE-2004-0475.json +++ b/2004/0xxx/CVE-2004-0475.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040513 Showhelp() local CHM file execution", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/363202" - }, - { - "name" : "ie-showhelp-chm-execution(16147)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" - }, - { - "name" : "10348", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10348" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash (\"\\\\\") before the target CHM file, as demonstrated using an \"ms-its\" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10348", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10348" + }, + { + "name": "20040513 Showhelp() local CHM file execution", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/363202" + }, + { + "name": "ie-showhelp-chm-execution(16147)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16147" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0749.json b/2004/0xxx/CVE-2004-0749.json index 0b5390830dc..87df48ee7e1 100644 --- a/2004/0xxx/CVE-2004-0749.json +++ b/2004/0xxx/CVE-2004-0749.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FEDORA-2004-318", - "refsource" : "FEDORA", - "url" : "http://fedoranews.org/updates/FEDORA-2004-318.shtml" - }, - { - "name" : "GLSA-200409-35", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml" - }, - { - "name" : "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt", - "refsource" : "CONFIRM", - "url" : "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt" - }, - { - "name" : "11243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11243" - }, - { - "name" : "subversion-information-disclosure(17472)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17472" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FEDORA-2004-318", + "refsource": "FEDORA", + "url": "http://fedoranews.org/updates/FEDORA-2004-318.shtml" + }, + { + "name": "subversion-information-disclosure(17472)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17472" + }, + { + "name": "11243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11243" + }, + { + "name": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt", + "refsource": "CONFIRM", + "url": "http://subversion.tigris.org/security/CAN-2004-0749-advisory.txt" + }, + { + "name": "GLSA-200409-35", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-35.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1439.json b/2004/1xxx/CVE-2004-1439.json index 9c808dcf226..7e065787f72 100644 --- a/2004/1xxx/CVE-2004-1439.json +++ b/2004/1xxx/CVE-2004-1439.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.security.org.sg/vuln/bjd361.html", - "refsource" : "MISC", - "url" : "http://www.security.org.sg/vuln/bjd361.html" - }, - { - "name" : "20040910 BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included]", - "refsource" : "BUGTRAQ", - "url" : "http://www.ir3ip.net/pipermail/bugtraq/2004-September/009960.html" - }, - { - "name" : "VU#714584", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/714584" - }, - { - "name" : "10834", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10834" - }, - { - "name" : "12203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12203" - }, - { - "name" : "blackjumbodog-long-string-bo(16842)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040910 BlackJumboDog FTP Server version 3.6.1 Buffer Overflow [Exploit included]", + "refsource": "BUGTRAQ", + "url": "http://www.ir3ip.net/pipermail/bugtraq/2004-September/009960.html" + }, + { + "name": "blackjumbodog-long-string-bo(16842)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16842" + }, + { + "name": "12203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12203" + }, + { + "name": "http://www.security.org.sg/vuln/bjd361.html", + "refsource": "MISC", + "url": "http://www.security.org.sg/vuln/bjd361.html" + }, + { + "name": "VU#714584", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/714584" + }, + { + "name": "10834", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10834" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1559.json b/2004/1xxx/CVE-2004-1559.json index 73440e3af44..a880e45c168 100644 --- a/2004/1xxx/CVE-2004-1559.json +++ b/2004/1xxx/CVE-2004-1559.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040927 Multiple XSS Vulnerabilities in Wordpress 1.2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109641484723194&w=2" - }, - { - "name" : "11268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11268" - }, - { - "name" : "1011440", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011440" - }, - { - "name" : "12683", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12683" - }, - { - "name" : "wordpress-multiple-scripts-xss(17532)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wordpress-multiple-scripts-xss(17532)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17532" + }, + { + "name": "12683", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12683" + }, + { + "name": "20040927 Multiple XSS Vulnerabilities in Wordpress 1.2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109641484723194&w=2" + }, + { + "name": "11268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11268" + }, + { + "name": "1011440", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011440" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1749.json b/2004/1xxx/CVE-2004-1749.json index bab6d32a687..5a1ea9e45bd 100644 --- a/2004/1xxx/CVE-2004-1749.json +++ b/2004/1xxx/CVE-2004-1749.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040825 IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109345253016318&w=2" - }, - { - "name" : "11049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11049" - }, - { - "name" : "12390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12390" - }, - { - "name" : "am-ips5500-http-dos(17125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040825 IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109345253016318&w=2" + }, + { + "name": "11049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11049" + }, + { + "name": "am-ips5500-http-dos(17125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17125" + }, + { + "name": "12390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12390" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1766.json b/2004/1xxx/CVE-2004-1766.json index 58e98d499f0..3e483da7d1a 100644 --- a/2004/1xxx/CVE-2004-1766.json +++ b/2004/1xxx/CVE-2004-1766.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp" - }, - { - "name" : "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N", - "refsource" : "CONFIRM", - "url" : "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N" - }, - { - "name" : "http://www.juniper.net/support/security/alerts/58290.txt", - "refsource" : "CONFIRM", - "url" : "http://www.juniper.net/support/security/alerts/58290.txt" - }, - { - "name" : "VU#927630", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/927630" - }, - { - "name" : "9455", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9455" - }, - { - "name" : "3613", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3613" - }, - { - "name" : "10675", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10675" - }, - { - "name" : "netscreen-information-disclosure(14886)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14886" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#927630", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/927630" + }, + { + "name": "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N", + "refsource": "CONFIRM", + "url": "http://www.kb.cert.org/vuls/id/CRDY-5VEU8N" + }, + { + "name": "9455", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9455" + }, + { + "name": "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp", + "refsource": "CONFIRM", + "url": "http://www.netscreen.com/services/security/alerts/1_19_04_58290.jsp" + }, + { + "name": "10675", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10675" + }, + { + "name": "netscreen-information-disclosure(14886)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14886" + }, + { + "name": "3613", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3613" + }, + { + "name": "http://www.juniper.net/support/security/alerts/58290.txt", + "refsource": "CONFIRM", + "url": "http://www.juniper.net/support/security/alerts/58290.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1937.json b/2004/1xxx/CVE-2004-1937.json index a3b81870c07..272ddb42bd3 100644 --- a/2004/1xxx/CVE-2004-1937.json +++ b/2004/1xxx/CVE-2004-1937.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108222826225823&w=2" - }, - { - "name" : "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt", - "refsource" : "MISC", - "url" : "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt" - }, - { - "name" : "10104", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10104" - }, - { - "name" : "11341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11341" - }, - { - "name" : "nuked-klan-file-include(15843)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15843" - }, - { - "name" : "nuked-klan-configurtion-corruption(15844)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040417 [SCSA-028] Nuked-Klan Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108222826225823&w=2" + }, + { + "name": "nuked-klan-file-include(15843)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15843" + }, + { + "name": "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt", + "refsource": "MISC", + "url": "http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt" + }, + { + "name": "nuked-klan-configurtion-corruption(15844)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15844" + }, + { + "name": "11341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11341" + }, + { + "name": "10104", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10104" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1941.json b/2004/1xxx/CVE-2004-1941.json index b375999311f..e4fd13bccd5 100644 --- a/2004/1xxx/CVE-2004-1941.json +++ b/2004/1xxx/CVE-2004-1941.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040419 DoS in NETFile FTP/Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108239249613861&w=2" - }, - { - "name" : "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt", - "refsource" : "MISC", - "url" : "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt" - }, - { - "name" : "10169", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10169" - }, - { - "name" : "5548", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5548" - }, - { - "name" : "1009868", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009868" - }, - { - "name" : "11428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11428" - }, - { - "name" : "fastream-user-pass-dos(15899)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15899" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5548", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5548" + }, + { + "name": "10169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10169" + }, + { + "name": "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt", + "refsource": "MISC", + "url": "http://www.autistici.org/fdonato/advisory/FastreamNETFileFWServer6.5.1.980-adv.txt" + }, + { + "name": "1009868", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009868" + }, + { + "name": "fastream-user-pass-dos(15899)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15899" + }, + { + "name": "11428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11428" + }, + { + "name": "20040419 DoS in NETFile FTP/Web Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108239249613861&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2079.json b/2004/2xxx/CVE-2004-2079.json index d5f8ca721fe..c7fa7b0896f 100644 --- a/2004/2xxx/CVE-2004-2079.json +++ b/2004/2xxx/CVE-2004-2079.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040209 Red-M Red-Alert Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/353211" - }, - { - "name" : "20040209 Red-M Red-Alert Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=107635119005407&w=2" - }, - { - "name" : "http://genhex.org/releases/031003.txt", - "refsource" : "MISC", - "url" : "http://genhex.org/releases/031003.txt" - }, - { - "name" : "http://www.securiteam.com/securitynews/5SP0C0KC0A.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/securitynews/5SP0C0KC0A.html" - }, - { - "name" : "9618", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9618" - }, - { - "name" : "1009001", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009001" - }, - { - "name" : "3952", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3952" - }, - { - "name" : "redalert-gain-access(15088)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15088" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/353211" + }, + { + "name": "20040209 Red-M Red-Alert Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=107635119005407&w=2" + }, + { + "name": "3952", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3952" + }, + { + "name": "1009001", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009001" + }, + { + "name": "9618", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9618" + }, + { + "name": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/securitynews/5SP0C0KC0A.html" + }, + { + "name": "redalert-gain-access(15088)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15088" + }, + { + "name": "http://genhex.org/releases/031003.txt", + "refsource": "MISC", + "url": "http://genhex.org/releases/031003.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2168.json b/2004/2xxx/CVE-2004-2168.json index 08b5833fc39..b754d54a8aa 100644 --- a/2004/2xxx/CVE-2004-2168.json +++ b/2004/2xxx/CVE-2004-2168.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2168", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2168", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt" - }, - { - "name" : "3789", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3789" - }, - { - "name" : "1008912", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008912" - }, - { - "name" : "10761", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10761/" - }, - { - "name" : "basomail-multiple-connection-dos(15002)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15002" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10761", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10761/" + }, + { + "name": "1008912", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008912" + }, + { + "name": "3789", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3789" + }, + { + "name": "basomail-multiple-connection-dos(15002)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15002" + }, + { + "name": "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2707.json b/2004/2xxx/CVE-2004-2707.json index 752a498f82c..d7f5d2c76c1 100644 --- a/2004/2xxx/CVE-2004-2707.json +++ b/2004/2xxx/CVE-2004-2707.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to \"several security flaws,\" probably related to buffer overflows in HTTP server responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" - }, - { - "name" : "10975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10975" - }, - { - "name" : "8937", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8937" - }, - { - "name" : "1011058", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011058" - }, - { - "name" : "gyach-enhanced-dos(17096)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17096" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to \"several security flaws,\" probably related to buffer overflows in HTTP server responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8937", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8937" + }, + { + "name": "1011058", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011058" + }, + { + "name": "gyach-enhanced-dos(17096)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17096" + }, + { + "name": "10975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10975" + }, + { + "name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2068.json b/2008/2xxx/CVE-2008-2068.json index af2151ec877..ad4cffb7a3b 100644 --- a/2008/2xxx/CVE-2008-2068.json +++ b/2008/2xxx/CVE-2008-2068.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wordpress.org/development/2008/04/wordpress-251/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/development/2008/04/wordpress-251/" - }, - { - "name" : "29965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29965" - }, - { - "name" : "wordpress-unspecified-xss(42029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://wordpress.org/development/2008/04/wordpress-251/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/development/2008/04/wordpress-251/" + }, + { + "name": "wordpress-unspecified-xss(42029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42029" + }, + { + "name": "29965", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29965" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2118.json b/2008/2xxx/CVE-2008-2118.json index 6f653ca608c..06e775d0858 100644 --- a/2008/2xxx/CVE-2008-2118.json +++ b/2008/2xxx/CVE-2008-2118.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080502 project alumni v1.0.9 (info.php) SQL Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491552/100/0/threaded" - }, - { - "name" : "29019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29019" - }, - { - "name" : "3863", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3863" - }, - { - "name" : "projectalumni-info-sql-injection(42148)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42148" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080502 project alumni v1.0.9 (info.php) SQL Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491552/100/0/threaded" + }, + { + "name": "29019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29019" + }, + { + "name": "projectalumni-info-sql-injection(42148)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42148" + }, + { + "name": "3863", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3863" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2210.json b/2008/2xxx/CVE-2008-2210.json index 200c6ca5bde..c62a35ed8da 100644 --- a/2008/2xxx/CVE-2008-2210.json +++ b/2008/2xxx/CVE-2008-2210.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Maian Support v1.3 Xss Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491587/100/0/threaded" - }, - { - "name" : "29032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29032" - }, - { - "name" : "30068", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30068" - }, - { - "name" : "3888", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3888" - }, - { - "name" : "maian-support-footer-header-xss(42205)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42205" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to admin/inc/header.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3888", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3888" + }, + { + "name": "29032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29032" + }, + { + "name": "30068", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30068" + }, + { + "name": "20080503 Maian Support v1.3 Xss Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491587/100/0/threaded" + }, + { + "name": "maian-support-footer-header-xss(42205)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42205" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2758.json b/2008/2xxx/CVE-2008-2758.json index 9a20d0736d7..a02fdaa1877 100644 --- a/2008/2xxx/CVE-2008-2758.json +++ b/2008/2xxx/CVE-2008-2758.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2758", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2" - }, - { - "name" : "http://bugreport.ir/index.php?/41", - "refsource" : "MISC", - "url" : "http://bugreport.ir/index.php?/41" - }, - { - "name" : "29672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29672" - }, - { - "name" : "30643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30643" - }, - { - "name" : "3950", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3950" - }, - { - "name" : "absolutenews-search-publishers-xss(43042)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43042" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b) admin/publishers.asp, and other unspecified vectors to (c) anmviewer.asp and (d) editarticleX.asp in admin/. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30643" + }, + { + "name": "http://bugreport.ir/index.php?/41", + "refsource": "MISC", + "url": "http://bugreport.ir/index.php?/41" + }, + { + "name": "29672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29672" + }, + { + "name": "absolutenews-search-publishers-xss(43042)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43042" + }, + { + "name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2" + }, + { + "name": "3950", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3950" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3616.json b/2008/3xxx/CVE-2008-3616.json index d7eb17d5e9b..6a772a47d5d 100644 --- a/2008/3xxx/CVE-2008-3616.json +++ b/2008/3xxx/CVE-2008-3616.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with \"passing untrusted input\" to unspecified API functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "31189", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31189" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020880", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020880" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "macos-searchkitapi-code-execution(45172)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45172" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with \"passing untrusted input\" to unspecified API functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31189", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31189" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "macos-searchkitapi-code-execution(45172)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45172" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "1020880", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020880" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6591.json b/2008/6xxx/CVE-2008-6591.json index e4393efbd5c..43766ce7e0c 100644 --- a/2008/6xxx/CVE-2008-6591.json +++ b/2008/6xxx/CVE-2008-6591.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491064/100/0/threaded" - }, - { - "name" : "28839", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28839" - }, - { - "name" : "44678", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44678" - }, - { - "name" : "44679", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/44679" - }, - { - "name" : "29833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/29833" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LightNEasy \"no database\" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491064/100/0/threaded" + }, + { + "name": "44678", + "refsource": "OSVDB", + "url": "http://osvdb.org/44678" + }, + { + "name": "29833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/29833" + }, + { + "name": "44679", + "refsource": "OSVDB", + "url": "http://osvdb.org/44679" + }, + { + "name": "28839", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28839" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6797.json b/2008/6xxx/CVE-2008-6797.json index b152d570952..a45d75b1a97 100644 --- a/2008/6xxx/CVE-2008-6797.json +++ b/2008/6xxx/CVE-2008-6797.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6797", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6797", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf", - "refsource" : "MISC", - "url" : "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf" - }, - { - "name" : "VU#576996", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/576996" - }, - { - "name" : "34847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34847" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The server in Mitel NuPoint Messenger R11 and R3 sends usernames and passwords in cleartext to Exchange servers, which allows remote attackers to obtain sensitive information by sniffing the network." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34847" + }, + { + "name": "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf", + "refsource": "MISC", + "url": "http://www.mitel.com/resources/NuPoint_and_Exchange.pdf" + }, + { + "name": "VU#576996", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/576996" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6869.json b/2008/6xxx/CVE-2008-6869.json index c2c081ae9df..9f605f70e6f 100644 --- a/2008/6xxx/CVE-2008-6869.json +++ b/2008/6xxx/CVE-2008-6869.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7286", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7286" - }, - { - "name" : "ADV-2008-3305", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/3305" - }, - { - "name" : "oramon-oramon-information-disclosure(46967)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46967" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for config/oramon.ini." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7286", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7286" + }, + { + "name": "oramon-oramon-information-disclosure(46967)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46967" + }, + { + "name": "ADV-2008-3305", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/3305" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6926.json b/2008/6xxx/CVE-2008-6926.json index dd2da136c70..765221ed0ac 100644 --- a/2008/6xxx/CVE-2008-6926.json +++ b/2008/6xxx/CVE-2008-6926.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/497964/100/0/threaded" - }, - { - "name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498519" - }, - { - "name" : "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498526" - }, - { - "name" : "20081120 Re: Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498529" - }, - { - "name" : "20081120 Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498529/100/0/threaded" - }, - { - "name" : "6897", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6897" - }, - { - "name" : "http://www.netenberg.com/forum/index.php?topic=6832", - "refsource" : "CONFIRM", - "url" : "http://www.netenberg.com/forum/index.php?topic=6832" - }, - { - "name" : "32016", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32016" - }, - { - "name" : "cpanel-autoinstall-file-include(46252)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32016", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32016" + }, + { + "name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498526" + }, + { + "name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" + }, + { + "name": "cpanel-autoinstall-file-include(46252)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" + }, + { + "name": "6897", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6897" + }, + { + "name": "20081120 Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498519" + }, + { + "name": "http://www.netenberg.com/forum/index.php?topic=6832", + "refsource": "CONFIRM", + "url": "http://www.netenberg.com/forum/index.php?topic=6832" + }, + { + "name": "20081120 Re: Re: Cpanel 11 Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498529" + }, + { + "name": "20081031 Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7086.json b/2008/7xxx/CVE-2008-7086.json index 2f7e7ef1fc5..3cf649b79e9 100644 --- a/2008/7xxx/CVE-2008-7086.json +++ b/2008/7xxx/CVE-2008-7086.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6050", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6050" - }, - { - "name" : "30199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30199" - }, - { - "name" : "maiangreetings-index-security-bypass(43744)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6050", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6050" + }, + { + "name": "30199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30199" + }, + { + "name": "maiangreetings-index-security-bypass(43744)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43744" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5194.json b/2012/5xxx/CVE-2012-5194.json index 2cea605c7e6..497e77138ac 100644 --- a/2012/5xxx/CVE-2012-5194.json +++ b/2012/5xxx/CVE-2012-5194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5828.json b/2012/5xxx/CVE-2012-5828.json index c53d8b74437..d21f99f1b5b 100644 --- a/2012/5xxx/CVE-2012-5828.json +++ b/2012/5xxx/CVE-2012-5828.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5828", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5828", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11036.json b/2017/11xxx/CVE-2017-11036.json index abf98a2901c..362bc9531e3 100644 --- a/2017/11xxx/CVE-2017-11036.json +++ b/2017/11xxx/CVE-2017-11036.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11036", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11036", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11321.json b/2017/11xxx/CVE-2017-11321.json index 4b224aa50f0..b21c687368b 100644 --- a/2017/11xxx/CVE-2017-11321.json +++ b/2017/11xxx/CVE-2017-11321.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42937", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42937/" - }, - { - "name" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/", - "refsource" : "MISC", - "url" : "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/", + "refsource": "MISC", + "url": "https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/" + }, + { + "name": "42937", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42937/" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11902.json b/2017/11xxx/CVE-2017-11902.json index 184012f2886..abe0f4a6a3a 100644 --- a/2017/11xxx/CVE-2017-11902.json +++ b/2017/11xxx/CVE-2017-11902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11936.json b/2017/11xxx/CVE-2017-11936.json index a9981bcf011..c0940ac95bf 100644 --- a/2017/11xxx/CVE-2017-11936.json +++ b/2017/11xxx/CVE-2017-11936.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-12-12T00:00:00", - "ID" : "CVE-2017-11936", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft SharePoint", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft SharePoint Enterprise Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-12-12T00:00:00", + "ID": "CVE-2017-11936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft SharePoint", + "version": { + "version_data": [ + { + "version_value": "Microsoft SharePoint Enterprise Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936" - }, - { - "name" : "102068", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102068" - }, - { - "name" : "1039995", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936" + }, + { + "name": "1039995", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039995" + }, + { + "name": "102068", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102068" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14054.json b/2017/14xxx/CVE-2017-14054.json index 3253cdaff58..e3928f1ff1d 100644 --- a/2017/14xxx/CVE-2017-14054.json +++ b/2017/14xxx/CVE-2017-14054.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large \"len\" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49", - "refsource" : "CONFIRM", - "url" : "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49" - }, - { - "name" : "DSA-3996", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3996" - }, - { - "name" : "100627", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100627" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large \"len\" field in the header but does not contain sufficient backing data, is provided, the first type==4 loop would consume huge CPU resources, since there is no EOF check inside the loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100627", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100627" + }, + { + "name": "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49", + "refsource": "CONFIRM", + "url": "https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49" + }, + { + "name": "DSA-3996", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3996" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14433.json b/2017/14xxx/CVE-2017-14433.json index 4d8b9828e9f..061106a104c 100644 --- a/2017/14xxx/CVE-2017-14433.json +++ b/2017/14xxx/CVE-2017-14433.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-04-13T00:00:00", - "ID" : "CVE-2017-14433", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Moxa", - "version" : { - "version_data" : [ - { - "version_value" : "Moxa EDR-810 V4.1 build 17030317" - } - ] - } - } - ] - }, - "vendor_name" : "Talos" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-04-13T00:00:00", + "ID": "CVE-2017-14433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Moxa", + "version": { + "version_data": [ + { + "version_value": "Moxa EDR-810 V4.1 build 17030317" + } + ] + } + } + ] + }, + "vendor_name": "Talos" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14893.json b/2017/14xxx/CVE-2017-14893.json index ec71208a854..9d692a7b88d 100644 --- a/2017/14xxx/CVE-2017-14893.json +++ b/2017/14xxx/CVE-2017-14893.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-06-05T00:00:00", - "ID" : "CVE-2017-14893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible buffer overread while flashing meta image" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-06-05T00:00:00", + "ID": "CVE-2017-14893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" - }, - { - "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", - "refsource" : "CONFIRM", - "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible buffer overread while flashing meta image" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components" + }, + { + "name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", + "refsource": "CONFIRM", + "url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15066.json b/2017/15xxx/CVE-2017-15066.json index 58940c48828..b31fd4c2503 100644 --- a/2017/15xxx/CVE-2017-15066.json +++ b/2017/15xxx/CVE-2017-15066.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15066", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15066", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15131.json b/2017/15xxx/CVE-2017-15131.json index 9b20252fe68..ed56b576430 100644 --- a/2017/15xxx/CVE-2017-15131.json +++ b/2017/15xxx/CVE-2017-15131.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-05-24T00:00:00", - "ID" : "CVE-2017-15131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RHEL shipped xdg-user-dirs and gnome-session", - "version" : { - "version_data" : [ - { - "version_value" : "before 0.15-5" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-05-24T00:00:00", + "ID": "CVE-2017-15131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RHEL shipped xdg-user-dirs and gnome-session", + "version": { + "version_data": [ + { + "version_value": "before 0.15-5" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762" - }, - { - "name" : "RHSA-2018:0842", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412762" + }, + { + "name": "RHSA-2018:0842", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0842" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15442.json b/2017/15xxx/CVE-2017-15442.json index bc350167c15..6337695fd5a 100644 --- a/2017/15xxx/CVE-2017-15442.json +++ b/2017/15xxx/CVE-2017-15442.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15442", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-15442", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15635.json b/2017/15xxx/CVE-2017-15635.json index 2104c5d76c3..6e1bbf38d99 100644 --- a/2017/15xxx/CVE-2017-15635.json +++ b/2017/15xxx/CVE-2017-15635.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15635", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" - }, - { - "name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", - "refsource" : "MISC", - "url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", + "refsource": "MISC", + "url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" + }, + { + "name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15780.json b/2017/15xxx/CVE-2017-15780.json index b2938e551d0..21260379148 100644 --- a/2017/15xxx/CVE-2017-15780.json +++ b/2017/15xxx/CVE-2017-15780.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-15780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-15780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a \"Read Access Violation starting at CADImage+0x0000000000285dad.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15780" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8186.json b/2017/8xxx/CVE-2017-8186.json index 429d14d0f78..3941dece98e 100644 --- a/2017/8xxx/CVE-2017-8186.json +++ b/2017/8xxx/CVE-2017-8186.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8186", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MHA-AL00A", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than MHA-AL00BC00B231 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DOS" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8186", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MHA-AL00A", + "version": { + "version_data": [ + { + "version_value": "Earlier than MHA-AL00BC00B231 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Bastet of some Huawei mobile phones with software of earlier than MHA-AL00BC00B231 versions has a DOS vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DOS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-dos-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8471.json b/2017/8xxx/CVE-2017-8471.json index 043dd5bb1b8..8c2100ac550 100644 --- a/2017/8xxx/CVE-2017-8471.json +++ b/2017/8xxx/CVE-2017-8471.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42224", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42224/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471" - }, - { - "name" : "98849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98849" - }, - { - "name" : "1038659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038659" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8471" + }, + { + "name": "98849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98849" + }, + { + "name": "42224", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42224/" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12089.json b/2018/12xxx/CVE-2018-12089.json index a21236c3dd5..40f6ab76aca 100644 --- a/2018/12xxx/CVE-2018-12089.json +++ b/2018/12xxx/CVE-2018-12089.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OctopusDeploy/Issues/issues/4628", - "refsource" : "CONFIRM", - "url" : "https://github.com/OctopusDeploy/Issues/issues/4628" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. This is fixed in 2018.6.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OctopusDeploy/Issues/issues/4628", + "refsource": "CONFIRM", + "url": "https://github.com/OctopusDeploy/Issues/issues/4628" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12094.json b/2018/12xxx/CVE-2018-12094.json index 859a58bf59f..7d65f86cda2 100644 --- a/2018/12xxx/CVE-2018-12094.json +++ b/2018/12xxx/CVE-2018-12094.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44897", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44897/" - }, - { - "name" : "https://cxsecurity.com/issue/WLB-2018060091", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018060091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44897", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44897/" + }, + { + "name": "https://cxsecurity.com/issue/WLB-2018060091", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018060091" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12867.json b/2018/12xxx/CVE-2018-12867.json index c91fcb239af..4048739a870 100644 --- a/2018/12xxx/CVE-2018-12867.json +++ b/2018/12xxx/CVE-2018-12867.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12867", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13104.json b/2018/13xxx/CVE-2018-13104.json index ede1648d91e..167d74b3f87 100644 --- a/2018/13xxx/CVE-2018-13104.json +++ b/2018/13xxx/CVE-2018-13104.json @@ -1,18 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OX App Suite 7.8.4 and earlier allows XSS. Internal reference: 58742 (Bug ID)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151243/Open-Xchange-OX-App-Suite-Cross-Site-Scripting-SSRF.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2019/Jan/46", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2019/Jan/46" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13644.json b/2018/13xxx/CVE-2018-13644.json index 04243bba342..da73ec55f8a 100644 --- a/2018/13xxx/CVE-2018-13644.json +++ b/2018/13xxx/CVE-2018-13644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for RoyalClassicCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RoyalClassicCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16419.json b/2018/16xxx/CVE-2018-16419.json index 03eefc533a2..06bfe3f1139 100644 --- a/2018/16xxx/CVE-2018-16419.json +++ b/2018/16xxx/CVE-2018-16419.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16419", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16419", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15" - }, - { - "name" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", - "refsource" : "MISC", - "url" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" - }, - { - "name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", - "refsource" : "MISC", - "url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-a6074523a9cbd875e26c58e20868fb15" + }, + { + "name": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1", + "refsource": "MISC", + "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1" + }, + { + "name": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/", + "refsource": "MISC", + "url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16503.json b/2018/16xxx/CVE-2018-16503.json index 750da810b42..c6217b62294 100644 --- a/2018/16xxx/CVE-2018-16503.json +++ b/2018/16xxx/CVE-2018-16503.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16503", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16503", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16898.json b/2018/16xxx/CVE-2018-16898.json index 97d516eff34..8636f574b52 100644 --- a/2018/16xxx/CVE-2018-16898.json +++ b/2018/16xxx/CVE-2018-16898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17084.json b/2018/17xxx/CVE-2018-17084.json index a7f0f980111..b0c3bcaa0a6 100644 --- a/2018/17xxx/CVE-2018-17084.json +++ b/2018/17xxx/CVE-2018-17084.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17084", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17084", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4338.json b/2018/4xxx/CVE-2018-4338.json index 434016bb300..70a6342b0e7 100644 --- a/2018/4xxx/CVE-2018-4338.json +++ b/2018/4xxx/CVE-2018-4338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4438.json b/2018/4xxx/CVE-2018-4438.json index 239d0c98277..b64c5e61909 100644 --- a/2018/4xxx/CVE-2018-4438.json +++ b/2018/4xxx/CVE-2018-4438.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4438", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4438", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4624.json b/2018/4xxx/CVE-2018-4624.json index 922cbd4750b..c91e0a65ba6 100644 --- a/2018/4xxx/CVE-2018-4624.json +++ b/2018/4xxx/CVE-2018-4624.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4624", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4624", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file