From f4a6f78c3c5485066152039dc0426e6dd864a162 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:34:10 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2003/0xxx/CVE-2003-0059.json | 200 +++++++++---------- 2003/0xxx/CVE-2003-0310.json | 120 ++++++------ 2003/1xxx/CVE-2003-1225.json | 130 ++++++------- 2003/1xxx/CVE-2003-1367.json | 150 +++++++-------- 2004/0xxx/CVE-2004-0189.json | 260 ++++++++++++------------- 2004/0xxx/CVE-2004-0343.json | 140 +++++++------- 2004/0xxx/CVE-2004-0411.json | 280 +++++++++++++-------------- 2004/0xxx/CVE-2004-0868.json | 34 ++-- 2004/1xxx/CVE-2004-1178.json | 34 ++-- 2004/1xxx/CVE-2004-1745.json | 150 +++++++-------- 2004/2xxx/CVE-2004-2709.json | 130 ++++++------- 2004/2xxx/CVE-2004-2730.json | 170 ++++++++--------- 2008/2xxx/CVE-2008-2254.json | 200 +++++++++---------- 2008/2xxx/CVE-2008-2310.json | 180 ++++++++--------- 2008/2xxx/CVE-2008-2659.json | 34 ++-- 2008/2xxx/CVE-2008-2697.json | 150 +++++++-------- 2008/6xxx/CVE-2008-6253.json | 170 ++++++++--------- 2008/6xxx/CVE-2008-6272.json | 130 ++++++------- 2008/6xxx/CVE-2008-6780.json | 140 +++++++------- 2008/6xxx/CVE-2008-6961.json | 180 ++++++++--------- 2012/1xxx/CVE-2012-1011.json | 170 ++++++++--------- 2012/1xxx/CVE-2012-1133.json | 340 ++++++++++++++++----------------- 2012/5xxx/CVE-2012-5092.json | 130 ++++++------- 2012/5xxx/CVE-2012-5341.json | 150 +++++++-------- 2012/5xxx/CVE-2012-5399.json | 34 ++-- 2012/5xxx/CVE-2012-5472.json | 150 +++++++-------- 2012/5xxx/CVE-2012-5549.json | 130 ++++++------- 2017/11xxx/CVE-2017-11115.json | 130 ++++++------- 2017/11xxx/CVE-2017-11486.json | 34 ++-- 2017/11xxx/CVE-2017-11509.json | 138 ++++++------- 2017/11xxx/CVE-2017-11638.json | 140 +++++++------- 2017/3xxx/CVE-2017-3238.json | 242 +++++++++++------------ 2017/3xxx/CVE-2017-3713.json | 34 ++-- 2017/3xxx/CVE-2017-3838.json | 140 +++++++------- 2017/3xxx/CVE-2017-3940.json | 34 ++-- 2017/7xxx/CVE-2017-7749.json | 256 ++++++++++++------------- 2017/8xxx/CVE-2017-8005.json | 140 +++++++------- 2017/8xxx/CVE-2017-8372.json | 140 +++++++------- 2017/8xxx/CVE-2017-8469.json | 150 +++++++-------- 2017/8xxx/CVE-2017-8650.json | 142 +++++++------- 2018/10xxx/CVE-2018-10540.json | 150 +++++++-------- 2018/12xxx/CVE-2018-12270.json | 34 ++-- 2018/12xxx/CVE-2018-12849.json | 140 +++++++------- 2018/13xxx/CVE-2018-13033.json | 140 +++++++------- 2018/13xxx/CVE-2018-13363.json | 34 ++-- 2018/13xxx/CVE-2018-13881.json | 34 ++-- 2018/16xxx/CVE-2018-16507.json | 34 ++-- 2018/16xxx/CVE-2018-16678.json | 34 ++-- 2018/17xxx/CVE-2018-17043.json | 130 ++++++------- 2018/17xxx/CVE-2018-17263.json | 34 ++-- 2018/17xxx/CVE-2018-17988.json | 120 ++++++------ 51 files changed, 3345 insertions(+), 3345 deletions(-) diff --git a/2003/0xxx/CVE-2003-0059.json b/2003/0xxx/CVE-2003-0059.json index 0eb3f619fae..67fb0c85fdb 100644 --- a/2003/0xxx/CVE-2003-0059.json +++ b/2003/0xxx/CVE-2003-0059.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", - "refsource" : "CONFIRM", - "url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" - }, - { - "name" : "CLSA-2003:639", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" - }, - { - "name" : "MDKSA-2003:043", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043" - }, - { - "name" : "RHSA-2003:051", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html" - }, - { - "name" : "RHSA-2003:052", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html" - }, - { - "name" : "RHSA-2003:168", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html" - }, - { - "name" : "VU#684563", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/684563" - }, - { - "name" : "6714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6714" - }, - { - "name" : "kerberos-kdc-user-spoofing(11188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:052", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html" + }, + { + "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", + "refsource": "CONFIRM", + "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" + }, + { + "name": "CLSA-2003:639", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" + }, + { + "name": "RHSA-2003:051", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html" + }, + { + "name": "MDKSA-2003:043", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043" + }, + { + "name": "6714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6714" + }, + { + "name": "kerberos-kdc-user-spoofing(11188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188" + }, + { + "name": "VU#684563", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/684563" + }, + { + "name": "RHSA-2003:168", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-168.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0310.json b/2003/0xxx/CVE-2003-0310.json index c63b41cde7a..4b995e780ee 100644 --- a/2003/0xxx/CVE-2003-0310.json +++ b/2003/0xxx/CVE-2003-0310.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030516 EzPublish Directory XSS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105310013606680&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030516 EzPublish Directory XSS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105310013606680&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1225.json b/2003/1xxx/CVE-2003-1225.json index d5d49b4417c..68005d6f9e5 100644 --- a/2003/1xxx/CVE-2003-1225.json +++ b/2003/1xxx/CVE-2003-1225.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1225", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1225", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "BEA03-30.00", - "refsource" : "BEA", - "url" : "http://dev2dev.bea.com/pub/advisory/22" - }, - { - "name" : "7563", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7563", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7563" + }, + { + "name": "BEA03-30.00", + "refsource": "BEA", + "url": "http://dev2dev.bea.com/pub/advisory/22" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1367.json b/2003/1xxx/CVE-2003-1367.json index 9547201f71e..3a74c50cd67 100644 --- a/2003/1xxx/CVE-2003-1367.json +++ b/2003/1xxx/CVE-2003-1367.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030204 Majordomo info leakage, all versions", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/310113" - }, - { - "name" : "6761", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6761" - }, - { - "name" : "3235", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3235" - }, - { - "name" : "majordomo-whichaccess-email-disclosure(11243)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3235", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3235" + }, + { + "name": "20030204 Majordomo info leakage, all versions", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/310113" + }, + { + "name": "6761", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6761" + }, + { + "name": "majordomo-whichaccess-email-disclosure(11243)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0189.json b/2004/0xxx/CVE-2004-0189.json index 6fcca09eab3..8dd2ae0e662 100644 --- a/2004/0xxx/CVE-2004-0189.json +++ b/2004/0xxx/CVE-2004-0189.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0189", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0189", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt" - }, - { - "name" : "CLA-2004:838", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838" - }, - { - "name" : "DSA-474", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-474" - }, - { - "name" : "GLSA-200403-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-11.xml" - }, - { - "name" : "MDKSA-2004:025", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025" - }, - { - "name" : "RHSA-2004:133", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-133.html" - }, - { - "name" : "RHSA-2004:134", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-134.html" - }, - { - "name" : "SCOSA-2005.16", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt" - }, - { - "name" : "20040404-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" - }, - { - "name" : "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108084935904110&w=2" - }, - { - "name" : "9778", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9778" - }, - { - "name" : "squid-urlregex-acl-bypass(15366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366" - }, - { - "name" : "5916", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5916" - }, - { - "name" : "oval:org.mitre.oval:def:877", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877" - }, - { - "name" : "oval:org.mitre.oval:def:941", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SCOSA-2005.16", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt" + }, + { + "name": "20040404-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" + }, + { + "name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt" + }, + { + "name": "squid-urlregex-acl-bypass(15366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366" + }, + { + "name": "DSA-474", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-474" + }, + { + "name": "oval:org.mitre.oval:def:877", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877" + }, + { + "name": "9778", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9778" + }, + { + "name": "MDKSA-2004:025", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025" + }, + { + "name": "oval:org.mitre.oval:def:941", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941" + }, + { + "name": "RHSA-2004:133", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-133.html" + }, + { + "name": "RHSA-2004:134", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-134.html" + }, + { + "name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108084935904110&w=2" + }, + { + "name": "GLSA-200403-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-11.xml" + }, + { + "name": "CLA-2004:838", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838" + }, + { + "name": "5916", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5916" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0343.json b/2004/0xxx/CVE-2004-0343.json index c0523ca05e0..a079ff5082e 100644 --- a/2004/0xxx/CVE-2004-0343.json +++ b/2004/0xxx/CVE-2004-0343.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040301 YabbSE (3 on 1)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107816202813083&w=2" - }, - { - "name" : "yabb-multiple-sql-injection(15354)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354" - }, - { - "name" : "9774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9774" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040301 YabbSE (3 on 1)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107816202813083&w=2" + }, + { + "name": "9774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9774" + }, + { + "name": "yabb-multiple-sql-injection(15354)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0411.json b/2004/0xxx/CVE-2004-0411.json index 0bad349248a..9774073fc77 100644 --- a/2004/0xxx/CVE-2004-0411.json +++ b/2004/0xxx/CVE-2004-0411.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0411", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter \"-\" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0411", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/363225" - }, - { - "name" : "20040517 KDE Security Advisory: URI Handler Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108481412427344&w=2" - }, - { - "name" : "http://www.kde.org/info/security/advisory-20040517-1.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20040517-1.txt" - }, - { - "name" : "CLA-2004:843", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843" - }, - { - "name" : "DSA-518", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-518" - }, - { - "name" : "FEDORA-2004-121", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/advisories/6717" - }, - { - "name" : "FEDORA-2004-122", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/advisories/6743" - }, - { - "name" : "GLSA-200405-11", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200405-11.xml" - }, - { - "name" : "RHSA-2004:222", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-222.html" - }, - { - "name" : "SuSE-SA:2003:014", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html" - }, - { - "name" : "SSA:2004-238", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635" - }, - { - "name" : "O-146", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-146.shtml" - }, - { - "name" : "10358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10358" - }, - { - "name" : "6107", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6107" - }, - { - "name" : "oval:org.mitre.oval:def:954", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954" - }, - { - "name" : "11602", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11602" - }, - { - "name" : "kde-url-handler-gain-access(16163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter \"-\" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:222", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-222.html" + }, + { + "name": "SuSE-SA:2003:014", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20040517-1.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20040517-1.txt" + }, + { + "name": "kde-url-handler-gain-access(16163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16163" + }, + { + "name": "FEDORA-2004-121", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/advisories/6717" + }, + { + "name": "20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/363225" + }, + { + "name": "DSA-518", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-518" + }, + { + "name": "FEDORA-2004-122", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/advisories/6743" + }, + { + "name": "6107", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6107" + }, + { + "name": "20040517 KDE Security Advisory: URI Handler Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108481412427344&w=2" + }, + { + "name": "11602", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11602" + }, + { + "name": "CLA-2004:843", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843" + }, + { + "name": "SSA:2004-238", + "refsource": "SLACKWARE", + "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635" + }, + { + "name": "GLSA-200405-11", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200405-11.xml" + }, + { + "name": "oval:org.mitre.oval:def:954", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954" + }, + { + "name": "10358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10358" + }, + { + "name": "O-146", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-146.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0868.json b/2004/0xxx/CVE-2004-0868.json index 98d15df0b90..f51b6ee9b10 100644 --- a/2004/0xxx/CVE-2004-0868.json +++ b/2004/0xxx/CVE-2004-0868.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0868", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should reference CVE-2004-0866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2004-0868", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should reference CVE-2004-0866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1178.json b/2004/1xxx/CVE-2004-1178.json index 5e4498fca99..9fe00eb2a85 100644 --- a/2004/1xxx/CVE-2004-1178.json +++ b/2004/1xxx/CVE-2004-1178.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1178", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1178", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1745.json b/2004/1xxx/CVE-2004-1745.json index d2f993fa3ea..7139fbe68e0 100644 --- a/2004/1xxx/CVE-2004-1745.json +++ b/2004/1xxx/CVE-2004-1745.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1745", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040824 Limited buffer overflow in Painkiller 1.31", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109339761608821&w=2" - }, - { - "name" : "11029", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11029" - }, - { - "name" : "12367", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12367" - }, - { - "name" : "painkiller-long-password-bo(17101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12367", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12367" + }, + { + "name": "20040824 Limited buffer overflow in Painkiller 1.31", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109339761608821&w=2" + }, + { + "name": "painkiller-long-password-bo(17101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17101" + }, + { + "name": "11029", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11029" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2709.json b/2004/2xxx/CVE-2004-2709.json index b3295b6cd8a..4950b278795 100644 --- a/2004/2xxx/CVE-2004-2709.json +++ b/2004/2xxx/CVE-2004-2709.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", - "refsource" : "CONFIRM", - "url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" - }, - { - "name" : "8969", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8969" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8969", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8969" + }, + { + "name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", + "refsource": "CONFIRM", + "url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2730.json b/2004/2xxx/CVE-2004-2730.json index e9b97c04d2a..eab1636c52b 100644 --- a/2004/2xxx/CVE-2004-2730.json +++ b/2004/2xxx/CVE-2004-2730.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2730", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2730", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304", - "refsource" : "MISC", - "url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304" - }, - { - "name" : "10759", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10759" - }, - { - "name" : "8140", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8140" - }, - { - "name" : "1010737", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010737" - }, - { - "name" : "12108", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12108" - }, - { - "name" : "pstools-gain-admin-access(16743)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304", + "refsource": "MISC", + "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304" + }, + { + "name": "10759", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10759" + }, + { + "name": "12108", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12108" + }, + { + "name": "1010737", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010737" + }, + { + "name": "8140", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8140" + }, + { + "name": "pstools-gain-admin-access(16743)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16743" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2254.json b/2008/2xxx/CVE-2008-2254.json index e7d594d1a9c..71e0ccc1f8c 100644 --- a/2008/2xxx/CVE-2008-2254.json +++ b/2008/2xxx/CVE-2008-2254.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"HTML Object Memory Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-2254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30614", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30614" - }, - { - "name" : "oval:org.mitre.oval:def:5820", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820" - }, - { - "name" : "ADV-2008-2349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2349" - }, - { - "name" : "1020674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020674" - }, - { - "name" : "31375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"HTML Object Memory Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "30614", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30614" + }, + { + "name": "oval:org.mitre.oval:def:5820", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820" + }, + { + "name": "ADV-2008-2349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2349" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "1020674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020674" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "MS08-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045" + }, + { + "name": "31375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31375" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2310.json b/2008/2xxx/CVE-2008-2310.json index e6adf5fa811..ee64756ee0b 100644 --- a/2008/2xxx/CVE-2008-2310.json +++ b/2008/2xxx/CVE-2008-2310.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT2163", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT2163" - }, - { - "name" : "APPLE-SA-2008-06-30", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" - }, - { - "name" : "30018", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30018" - }, - { - "name" : "ADV-2008-1981", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1981/references" - }, - { - "name" : "1020392", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020392" - }, - { - "name" : "30802", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30802" - }, - { - "name" : "macos-c++filt-format-string(43494)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT2163", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT2163" + }, + { + "name": "ADV-2008-1981", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1981/references" + }, + { + "name": "macos-c++filt-format-string(43494)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494" + }, + { + "name": "APPLE-SA-2008-06-30", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" + }, + { + "name": "30802", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30802" + }, + { + "name": "1020392", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020392" + }, + { + "name": "30018", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30018" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2659.json b/2008/2xxx/CVE-2008-2659.json index def3ef92e8e..a01d130600a 100644 --- a/2008/2xxx/CVE-2008-2659.json +++ b/2008/2xxx/CVE-2008-2659.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2659", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2659", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2697.json b/2008/2xxx/CVE-2008-2697.json index bb34dc31e72..d7fe5034517 100644 --- a/2008/2xxx/CVE-2008-2697.json +++ b/2008/2xxx/CVE-2008-2697.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5759", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5759" - }, - { - "name" : "29593", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29593" - }, - { - "name" : "30566", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30566" - }, - { - "name" : "rapidrecipe-recipeid-sql-injection(42924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "rapidrecipe-recipeid-sql-injection(42924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42924" + }, + { + "name": "30566", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30566" + }, + { + "name": "29593", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29593" + }, + { + "name": "5759", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5759" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6253.json b/2008/6xxx/CVE-2008-6253.json index 90ba64fce6f..c263e900e10 100644 --- a/2008/6xxx/CVE-2008-6253.json +++ b/2008/6xxx/CVE-2008-6253.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6253", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6253", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20081118 [DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/498438" - }, - { - "name" : "7153", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7153" - }, - { - "name" : "http://www.pluck-cms.org/index.php?file=kop11.php", - "refsource" : "CONFIRM", - "url" : "http://www.pluck-cms.org/index.php?file=kop11.php" - }, - { - "name" : "32342", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32342" - }, - { - "name" : "32736", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32736" - }, - { - "name" : "pluck-pcltarlib-file-include(46676)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46676" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20081118 [DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/498438" + }, + { + "name": "7153", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7153" + }, + { + "name": "32342", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32342" + }, + { + "name": "32736", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32736" + }, + { + "name": "http://www.pluck-cms.org/index.php?file=kop11.php", + "refsource": "CONFIRM", + "url": "http://www.pluck-cms.org/index.php?file=kop11.php" + }, + { + "name": "pluck-pcltarlib-file-include(46676)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46676" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6272.json b/2008/6xxx/CVE-2008-6272.json index 2a96bbe7e5e..c36231cb110 100644 --- a/2008/6xxx/CVE-2008-6272.json +++ b/2008/6xxx/CVE-2008-6272.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6272", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6272", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6969", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6969" - }, - { - "name" : "apoll-index-sql-injection(46286)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apoll-index-sql-injection(46286)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46286" + }, + { + "name": "6969", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6969" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6780.json b/2008/6xxx/CVE-2008-6780.json index 0c14629d404..7dc10512886 100644 --- a/2008/6xxx/CVE-2008-6780.json +++ b/2008/6xxx/CVE-2008-6780.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6911", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6911" - }, - { - "name" : "49554", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/49554" - }, - { - "name" : "32558", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6911", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6911" + }, + { + "name": "32558", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32558" + }, + { + "name": "49554", + "refsource": "OSVDB", + "url": "http://osvdb.org/49554" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6961.json b/2008/6xxx/CVE-2008-6961.json index 2d94e220ca5..1a4bd82683a 100644 --- a/2008/6xxx/CVE-2008-6961.json +++ b/2008/6xxx/CVE-2008-6961.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6961", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6961", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458883", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458883" - }, - { - "name" : "32363", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/32363" - }, - { - "name" : "1021247", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021247" - }, - { - "name" : "32714", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32714" - }, - { - "name" : "32715", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32715" - }, - { - "name" : "mozilla-domproperties-info-disclosure(46734)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46734" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32363", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/32363" + }, + { + "name": "mozilla-domproperties-info-disclosure(46734)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46734" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=458883", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458883" + }, + { + "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html" + }, + { + "name": "32715", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32715" + }, + { + "name": "1021247", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021247" + }, + { + "name": "32714", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32714" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1011.json b/2012/1xxx/CVE-2012-1011.json index 86b0eb339bf..8e08e61b1b9 100644 --- a/2012/1xxx/CVE-2012-1011.json +++ b/2012/1xxx/CVE-2012-1011.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1011", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html" - }, - { - "name" : "18407", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18407" - }, - { - "name" : "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/" - }, - { - "name" : "51615", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51615" - }, - { - "name" : "47659", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47659" - }, - { - "name" : "allwebmenus-actions-file-upload(72640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18407", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18407" + }, + { + "name": "51615", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51615" + }, + { + "name": "allwebmenus-actions-file-upload(72640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640" + }, + { + "name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/" + }, + { + "name": "20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html" + }, + { + "name": "47659", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47659" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1133.json b/2012/1xxx/CVE-2012-1133.json index 96db54dd7db..9ae2bd9ab05 100644 --- a/2012/1xxx/CVE-2012-1133.json +++ b/2012/1xxx/CVE-2012-1133.json @@ -1,172 +1,172 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1133", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1133", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16" - }, - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800591", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800591" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "DSA-2428", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2428" - }, - { - "name" : "GLSA-201204-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml" - }, - { - "name" : "MDVSA-2012:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" - }, - { - "name" : "SUSE-SU-2012:0483", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" - }, - { - "name" : "SUSE-SU-2012:0521", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:0484", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" - }, - { - "name" : "USN-1403-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1403-1" - }, - { - "name" : "52318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52318" - }, - { - "name" : "1026765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026765" - }, - { - "name" : "48918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48918" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "48822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48822" - }, - { - "name" : "48973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48973" - }, - { - "name" : "48797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48797" - }, - { - "name" : "48508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48508" - }, - { - "name" : "48300", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48797" + }, + { + "name": "48300", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48300" + }, + { + "name": "48508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48508" + }, + { + "name": "48822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48822" + }, + { + "name": "MDVSA-2012:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52318" + }, + { + "name": "USN-1403-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1403-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" + }, + { + "name": "48918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48918" + }, + { + "name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/16" + }, + { + "name": "SUSE-SU-2012:0484", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" + }, + { + "name": "SUSE-SU-2012:0521", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" + }, + { + "name": "48973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48973" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" + }, + { + "name": "SUSE-SU-2012:0483", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800591", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591" + }, + { + "name": "1026765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026765" + }, + { + "name": "openSUSE-SU-2012:0489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "GLSA-201204-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-04.xml" + }, + { + "name": "DSA-2428", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2428" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5092.json b/2012/5xxx/CVE-2012-5092.json index 78fdf50f8e4..52319951a6f 100644 --- a/2012/5xxx/CVE-2012-5092.json +++ b/2012/5xxx/CVE-2012-5092.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5341.json b/2012/5xxx/CVE-2012-5341.json index 24b81175285..f9afcbd71b4 100644 --- a/2012/5xxx/CVE-2012-5341.json +++ b/2012/5xxx/CVE-2012-5341.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/108340/statit4-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/108340/statit4-xss.txt" - }, - { - "name" : "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html", - "refsource" : "MISC", - "url" : "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html" - }, - { - "name" : "51280", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51280" - }, - { - "name" : "statit-statistik-xss(72139)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72139" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html", + "refsource": "MISC", + "url": "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html" + }, + { + "name": "51280", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51280" + }, + { + "name": "statit-statistik-xss(72139)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72139" + }, + { + "name": "http://packetstormsecurity.org/files/108340/statit4-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/108340/statit4-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5399.json b/2012/5xxx/CVE-2012-5399.json index a47746ac2dc..8a7ff480fc8 100644 --- a/2012/5xxx/CVE-2012-5399.json +++ b/2012/5xxx/CVE-2012-5399.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5399", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5399", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5472.json b/2012/5xxx/CVE-2012-5472.json index 9bb7f64dc2f..7396d2c6619 100644 --- a/2012/5xxx/CVE-2012-5472.json +++ b/2012/5xxx/CVE-2012-5472.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121119 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/11/19/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785" - }, - { - "name" : "https://moodle.org/mod/forum/discuss.php?d=216156", - "refsource" : "CONFIRM", - "url" : "https://moodle.org/mod/forum/discuss.php?d=216156" - }, - { - "name" : "56505", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56505", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56505" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785" + }, + { + "name": "https://moodle.org/mod/forum/discuss.php?d=216156", + "refsource": "CONFIRM", + "url": "https://moodle.org/mod/forum/discuss.php?d=216156" + }, + { + "name": "[oss-security] 20121119 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/11/19/1" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5549.json b/2012/5xxx/CVE-2012-5549.json index 40067f52694..5d0310bba97 100644 --- a/2012/5xxx/CVE-2012-5549.json +++ b/2012/5xxx/CVE-2012-5549.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" - }, - { - "name" : "http://drupal.org/node/1822066", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1822066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupal.org/node/1822066", + "refsource": "MISC", + "url": "http://drupal.org/node/1822066" + }, + { + "name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/20/4" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11115.json b/2017/11xxx/CVE-2017-11115.json index 6f597acf113..654571c895c 100644 --- a/2017/11xxx/CVE-2017-11115.json +++ b/2017/11xxx/CVE-2017-11115.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted jpg file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/77", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/77" - }, - { - "name" : "https://sourceforge.net/p/openexif/bugs/18/", - "refsource" : "MISC", - "url" : "https://sourceforge.net/p/openexif/bugs/18/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted jpg file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceforge.net/p/openexif/bugs/18/", + "refsource": "MISC", + "url": "https://sourceforge.net/p/openexif/bugs/18/" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/77", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Jul/77" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11486.json b/2017/11xxx/CVE-2017-11486.json index fd56c94823d..28853bd491a 100644 --- a/2017/11xxx/CVE-2017-11486.json +++ b/2017/11xxx/CVE-2017-11486.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11486", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-11486", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11509.json b/2017/11xxx/CVE-2017-11509.json index 9db5559f43e..b45271d05e8 100644 --- a/2017/11xxx/CVE-2017-11509.json +++ b/2017/11xxx/CVE-2017-11509.json @@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnreport@tenable.com", - "DATE_PUBLIC" : "2017-11-21T00:00:00", - "ID" : "CVE-2017-11509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firebird SQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.5.7" - }, - { - "version_value" : "3.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "Firebird Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Authenticated Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "vulnreport@tenable.com", + "DATE_PUBLIC": "2017-11-21T00:00:00", + "ID": "CVE-2017-11509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firebird SQL Server", + "version": { + "version_data": [ + { + "version_value": "2.5.7" + }, + { + "version_value": "3.0.2" + } + ] + } + } + ] + }, + "vendor_name": "Firebird Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" - }, - { - "name" : "https://www.tenable.com/security/research/tra-2017-36", - "refsource" : "MISC", - "url" : "https://www.tenable.com/security/research/tra-2017-36" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Authenticated Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" + }, + { + "name": "https://www.tenable.com/security/research/tra-2017-36", + "refsource": "MISC", + "url": "https://www.tenable.com/security/research/tra-2017-36" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11638.json b/2017/11xxx/CVE-2017-11638.json index 8507a55dbe1..149e1300027 100644 --- a/2017/11xxx/CVE-2017-11638.json +++ b/2017/11xxx/CVE-2017-11638.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" - }, - { - "name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", - "refsource" : "CONFIRM", - "url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" - }, - { - "name" : "DSA-4321", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4321", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4321" + }, + { + "name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" + }, + { + "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", + "refsource": "CONFIRM", + "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3238.json b/2017/3xxx/CVE-2017-3238.json index 46b1509315a..fe984ab6fae 100644 --- a/2017/3xxx/CVE-2017-3238.json +++ b/2017/3xxx/CVE-2017-3238.json @@ -1,123 +1,123 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3238", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.53 and earlier" - }, - { - "version_value" : "5.6.34 and earlier" - }, - { - "version_value" : "5.7.16 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.5.53 and earlier" + }, + { + "version_value": "5.6.34 and earlier" + }, + { + "version_value": "5.7.16 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "DSA-3767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3767" - }, - { - "name" : "DSA-3770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3770" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "GLSA-201702-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-18" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - "name" : "95571", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95571" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "GLSA-201702-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-18" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3767" + }, + { + "name": "95571", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95571" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "DSA-3770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3770" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3713.json b/2017/3xxx/CVE-2017-3713.json index b673a3c9f5c..2ab766c2778 100644 --- a/2017/3xxx/CVE-2017-3713.json +++ b/2017/3xxx/CVE-2017-3713.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3713", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3713", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3838.json b/2017/3xxx/CVE-2017-3838.json index 51ca793e466..fc12aedb4fc 100644 --- a/2017/3xxx/CVE-2017-3838.json +++ b/2017/3xxx/CVE-2017-3838.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Secure Access Control System", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Secure Access Control System" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Secure Access Control System", + "version": { + "version_data": [ + { + "version_value": "Cisco Secure Access Control System" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs" - }, - { - "name" : "96234", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96234" - }, - { - "name" : "1037835", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037835", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037835" + }, + { + "name": "96234", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96234" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3940.json b/2017/3xxx/CVE-2017-3940.json index 35bf7d6f88b..275c1349ae8 100644 --- a/2017/3xxx/CVE-2017-3940.json +++ b/2017/3xxx/CVE-2017-3940.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3940", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3940", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7749.json b/2017/7xxx/CVE-2017-7749.json index ff46400e16e..21a76fa6a6c 100644 --- a/2017/7xxx/CVE-2017-7749.json +++ b/2017/7xxx/CVE-2017-7749.json @@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "54" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.2" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use-after-free during docshell reloading" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "54" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.2" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" - }, - { - "name" : "DSA-3881", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3881" - }, - { - "name" : "DSA-3918", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3918" - }, - { - "name" : "RHSA-2017:1440", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1440" - }, - { - "name" : "RHSA-2017:1561", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1561" - }, - { - "name" : "99057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99057" - }, - { - "name" : "1038689", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-after-free during docshell reloading" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039" + }, + { + "name": "99057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99057" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/" + }, + { + "name": "DSA-3918", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3918" + }, + { + "name": "1038689", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038689" + }, + { + "name": "DSA-3881", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3881" + }, + { + "name": "RHSA-2017:1440", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1440" + }, + { + "name": "RHSA-2017:1561", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1561" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-17/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-17/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-16/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-16/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8005.json b/2017/8xxx/CVE-2017-8005.json index 07d29e071cf..2d8ba7411a0 100644 --- a/2017/8xxx/CVE-2017-8005.json +++ b/2017/8xxx/CVE-2017-8005.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security_alert@emc.com", - "ID" : "CVE-2017-8005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)", - "version" : { - "version_data" : [ - { - "version_value" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Multiple Stored Cross-Site Scripting Vulnerabilities" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2017-8005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)", + "version": { + "version_data": [ + { + "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Jul/24", - "refsource" : "CONFIRM", - "url" : "http://seclists.org/fulldisclosure/2017/Jul/24" - }, - { - "name" : "99591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99591" - }, - { - "name" : "1038877", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Multiple Stored Cross-Site Scripting Vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038877", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038877" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Jul/24", + "refsource": "CONFIRM", + "url": "http://seclists.org/fulldisclosure/2017/Jul/24" + }, + { + "name": "99591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99591" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8372.json b/2017/8xxx/CVE-2017-8372.json index 526e8b3f3f9..068f6821e4f 100644 --- a/2017/8xxx/CVE-2017-8372.json +++ b/2017/8xxx/CVE-2017-8372.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8372", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8372", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/" - }, - { - "name" : "DSA-4192", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4192" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/" + }, + { + "name": "DSA-4192", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4192" + }, + { + "name": "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8469.json b/2017/8xxx/CVE-2017-8469.json index d05fc220f9f..adfdc8dda4a 100644 --- a/2017/8xxx/CVE-2017-8469.json +++ b/2017/8xxx/CVE-2017-8469.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42217", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42217/" - }, - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469" - }, - { - "name" : "98842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98842" - }, - { - "name" : "1038659", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038659" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038659", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038659" + }, + { + "name": "42217", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42217/" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469" + }, + { + "name": "98842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98842" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8650.json b/2017/8xxx/CVE-2017-8650.json index 20d3d4a264d..8a6b04d85d8 100644 --- a/2017/8xxx/CVE-2017-8650.json +++ b/2017/8xxx/CVE-2017-8650.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8650", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1703." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka \"Microsoft Edge Security Feature Bypass Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Security Feature Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1703." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650" - }, - { - "name" : "100048", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100048" - }, - { - "name" : "1039101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka \"Microsoft Edge Security Feature Bypass Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100048", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100048" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650" + }, + { + "name": "1039101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039101" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10540.json b/2018/10xxx/CVE-2018-10540.json index 0773a348c9f..4222b530ab0 100644 --- a/2018/10xxx/CVE-2018-10540.json +++ b/2018/10xxx/CVE-2018-10540.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10540", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10540", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d" - }, - { - "name" : "https://github.com/dbry/WavPack/issues/33", - "refsource" : "MISC", - "url" : "https://github.com/dbry/WavPack/issues/33" - }, - { - "name" : "DSA-4197", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4197" - }, - { - "name" : "USN-3637-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3637-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/dbry/WavPack/issues/33", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/issues/33" + }, + { + "name": "DSA-4197", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4197" + }, + { + "name": "USN-3637-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3637-1/" + }, + { + "name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", + "refsource": "MISC", + "url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12270.json b/2018/12xxx/CVE-2018-12270.json index 26ed6dd5858..2b9fd9955da 100644 --- a/2018/12xxx/CVE-2018-12270.json +++ b/2018/12xxx/CVE-2018-12270.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12270", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12270", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12849.json b/2018/12xxx/CVE-2018-12849.json index abd63ad1ab9..7bc0544bbc5 100644 --- a/2018/12xxx/CVE-2018-12849.json +++ b/2018/12xxx/CVE-2018-12849.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-12849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-12849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" - }, - { - "name" : "105358", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105358" - }, - { - "name" : "1041702", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" + }, + { + "name": "105358", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105358" + }, + { + "name": "1041702", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041702" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13033.json b/2018/13xxx/CVE-2018-13033.json index 81d0126d98a..924eb4d16fd 100644 --- a/2018/13xxx/CVE-2018-13033.json +++ b/2018/13xxx/CVE-2018-13033.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13033", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13033", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23361", - "refsource" : "MISC", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" - }, - { - "name" : "RHSA-2018:3032", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3032" - }, - { - "name" : "104584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23361", + "refsource": "MISC", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" + }, + { + "name": "RHSA-2018:3032", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3032" + }, + { + "name": "104584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104584" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13363.json b/2018/13xxx/CVE-2018-13363.json index 48a8b364eac..97fdaa174ec 100644 --- a/2018/13xxx/CVE-2018-13363.json +++ b/2018/13xxx/CVE-2018-13363.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13363", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13363", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13881.json b/2018/13xxx/CVE-2018-13881.json index b7d4b52e33d..4065c68de68 100644 --- a/2018/13xxx/CVE-2018-13881.json +++ b/2018/13xxx/CVE-2018-13881.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13881", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13881", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16507.json b/2018/16xxx/CVE-2018-16507.json index e16dd80c900..063f716feca 100644 --- a/2018/16xxx/CVE-2018-16507.json +++ b/2018/16xxx/CVE-2018-16507.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16507", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16507", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16678.json b/2018/16xxx/CVE-2018-16678.json index f81a30473e0..9cf13f2dc81 100644 --- a/2018/16xxx/CVE-2018-16678.json +++ b/2018/16xxx/CVE-2018-16678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17043.json b/2018/17xxx/CVE-2018-17043.json index 2205fd49655..18666628b5f 100644 --- a/2018/17xxx/CVE-2018-17043.json +++ b/2018/17xxx/CVE-2018-17043.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit", - "refsource" : "MISC", - "url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit" - }, - { - "name" : "https://github.com/tsfn/doc2txt/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/tsfn/doc2txt/issues/1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/tsfn/doc2txt/issues/1", + "refsource": "MISC", + "url": "https://github.com/tsfn/doc2txt/issues/1" + }, + { + "name": "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit", + "refsource": "MISC", + "url": "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17263.json b/2018/17xxx/CVE-2018-17263.json index 98e2f6abdfa..bfc394763db 100644 --- a/2018/17xxx/CVE-2018-17263.json +++ b/2018/17xxx/CVE-2018-17263.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17263", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-17263", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17988.json b/2018/17xxx/CVE-2018-17988.json index b4b9be0d906..7434ada71e4 100644 --- a/2018/17xxx/CVE-2018-17988.json +++ b/2018/17xxx/CVE-2018-17988.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17988", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17988", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45530", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45530/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45530", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45530/" + } + ] + } +} \ No newline at end of file