From f92a60ed999ee4c8dc81fb67d3b8b8684113cb0b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 00:05:21 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2004/0xxx/CVE-2004-0424.json | 240 ++++++++++++------------- 2004/0xxx/CVE-2004-0488.json | 300 +++++++++++++++---------------- 2004/0xxx/CVE-2004-0496.json | 130 +++++++------- 2004/0xxx/CVE-2004-0819.json | 140 +++++++-------- 2004/1xxx/CVE-2004-1117.json | 130 +++++++------- 2004/1xxx/CVE-2004-1196.json | 150 ++++++++-------- 2004/1xxx/CVE-2004-1295.json | 130 +++++++------- 2004/1xxx/CVE-2004-1625.json | 140 +++++++-------- 2004/2xxx/CVE-2004-2211.json | 170 +++++++++--------- 2004/2xxx/CVE-2004-2274.json | 170 +++++++++--------- 2004/2xxx/CVE-2004-2280.json | 150 ++++++++-------- 2008/2xxx/CVE-2008-2135.json | 160 ++++++++--------- 2008/2xxx/CVE-2008-2173.json | 130 +++++++------- 2008/2xxx/CVE-2008-2203.json | 150 ++++++++-------- 2008/2xxx/CVE-2008-2514.json | 230 ++++++++++++------------ 2008/2xxx/CVE-2008-2905.json | 160 ++++++++--------- 2008/3xxx/CVE-2008-3437.json | 150 ++++++++-------- 2008/3xxx/CVE-2008-3578.json | 170 +++++++++--------- 2008/6xxx/CVE-2008-6043.json | 150 ++++++++-------- 2008/6xxx/CVE-2008-6670.json | 180 +++++++++---------- 2008/6xxx/CVE-2008-6744.json | 180 +++++++++---------- 2008/6xxx/CVE-2008-6749.json | 150 ++++++++-------- 2008/6xxx/CVE-2008-6998.json | 200 ++++++++++----------- 2008/7xxx/CVE-2008-7312.json | 130 +++++++------- 2013/2xxx/CVE-2013-2234.json | 320 ++++++++++++++++----------------- 2013/2xxx/CVE-2013-2468.json | 320 ++++++++++++++++----------------- 2017/11xxx/CVE-2017-11141.json | 130 +++++++------- 2017/11xxx/CVE-2017-11576.json | 130 +++++++------- 2017/11xxx/CVE-2017-11724.json | 140 +++++++-------- 2017/11xxx/CVE-2017-11800.json | 142 +++++++-------- 2017/14xxx/CVE-2017-14073.json | 34 ++-- 2017/14xxx/CVE-2017-14406.json | 120 ++++++------- 2017/14xxx/CVE-2017-14498.json | 150 ++++++++-------- 2017/14xxx/CVE-2017-14654.json | 34 ++-- 2017/14xxx/CVE-2017-14891.json | 132 +++++++------- 2017/15xxx/CVE-2017-15118.json | 212 +++++++++++----------- 2017/8xxx/CVE-2017-8008.json | 34 ++-- 2017/8xxx/CVE-2017-8292.json | 34 ++-- 2017/8xxx/CVE-2017-8757.json | 142 +++++++-------- 2018/12xxx/CVE-2018-12020.json | 250 +++++++++++++------------- 2018/12xxx/CVE-2018-12556.json | 34 ++-- 2018/12xxx/CVE-2018-12732.json | 34 ++-- 2018/13xxx/CVE-2018-13401.json | 246 ++++++++++++------------- 2018/13xxx/CVE-2018-13648.json | 130 +++++++------- 2018/13xxx/CVE-2018-13947.json | 34 ++-- 2018/16xxx/CVE-2018-16147.json | 150 ++++++++-------- 2018/16xxx/CVE-2018-16396.json | 250 +++++++++++++------------- 2018/16xxx/CVE-2018-16763.json | 120 ++++++------- 2018/16xxx/CVE-2018-16785.json | 120 ++++++------- 2018/16xxx/CVE-2018-16803.json | 130 +++++++------- 2018/4xxx/CVE-2018-4585.json | 34 ++-- 2018/4xxx/CVE-2018-4905.json | 140 +++++++-------- 52 files changed, 3868 insertions(+), 3868 deletions(-) diff --git a/2004/0xxx/CVE-2004-0424.json b/2004/0xxx/CVE-2004-0424.json index c6a4893bdf4..cd09a0998fd 100644 --- a/2004/0xxx/CVE-2004-0424.json +++ b/2004/0xxx/CVE-2004-0424.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0424", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt", - "refsource" : "MISC", - "url" : "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt" - }, - { - "name" : "20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108253171301153&w=2" - }, - { - "name" : "CLA-2004:852", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" - }, - { - "name" : "RHSA-2004:183", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-183.html" - }, - { - "name" : "MDKSA-2004:037", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" - }, - { - "name" : "ESA-20040428-004", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" - }, - { - "name" : "SSA:2004-119", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586" - }, - { - "name" : "20040504-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" - }, - { - "name" : "SuSE-SA:2004:010", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" - }, - { - "name" : "10179", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10179" - }, - { - "name" : "oval:org.mitre.oval:def:11214", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11214" - }, - { - "name" : "linux-ipsetsockopt-integer-bo(15907)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15907" - }, - { - "name" : "oval:org.mitre.oval:def:939", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSA:2004-119", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586" + }, + { + "name": "SuSE-SA:2004:010", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" + }, + { + "name": "oval:org.mitre.oval:def:939", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A939" + }, + { + "name": "oval:org.mitre.oval:def:11214", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11214" + }, + { + "name": "RHSA-2004:183", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-183.html" + }, + { + "name": "MDKSA-2004:037", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" + }, + { + "name": "linux-ipsetsockopt-integer-bo(15907)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15907" + }, + { + "name": "20040504-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" + }, + { + "name": "10179", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10179" + }, + { + "name": "ESA-20040428-004", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" + }, + { + "name": "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt", + "refsource": "MISC", + "url": "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt" + }, + { + "name": "CLA-2004:852", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" + }, + { + "name": "20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108253171301153&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0488.json b/2004/0xxx/CVE-2004-0488.json index 515eee085c7..3ff06ffa310 100644 --- a/2004/0xxx/CVE-2004-0488.json +++ b/2004/0xxx/CVE-2004-0488.json @@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0488", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0488", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040517 mod_ssl ssl_util_uuencode_binary potential problem", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html" - }, - { - "name" : "DSA-532", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-532" - }, - { - "name" : "FLSA:1888", - "refsource" : "FEDORA", - "url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1888" - }, - { - "name" : "SSRT4777", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109181600614477&w=2" - }, - { - "name" : "SSRT4788", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=109215056218824&w=2" - }, - { - "name" : "MDKSA-2004:054", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:054" - }, - { - "name" : "MDKSA-2004:055", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:055" - }, - { - "name" : "RHSA-2005:816", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html" - }, - { - "name" : "2004-0031", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/2004/0031/" - }, - { - "name" : "20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108567431823750&w=2" - }, - { - "name" : "20040601 TSSA-2004-008 - apache", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108619129727620&w=2" - }, - { - "name" : "GLSA-200406-05", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200406-05.xml" - }, - { - "name" : "RHSA-2004:245", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2004-245.html" - }, - { - "name" : "RHSA-2004:342", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-342.html" - }, - { - "name" : "RHSA-2004:405", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-405.html" - }, - { - "name" : "20040605-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" - }, - { - "name" : "10355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10355" - }, - { - "name" : "oval:org.mitre.oval:def:11458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11458" - }, - { - "name" : "apache-modssl-uuencode-bo(16214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "2004-0031", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/2004/0031/" + }, + { + "name": "oval:org.mitre.oval:def:11458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11458" + }, + { + "name": "MDKSA-2004:054", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:054" + }, + { + "name": "RHSA-2004:342", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-342.html" + }, + { + "name": "RHSA-2004:245", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2004-245.html" + }, + { + "name": "GLSA-200406-05", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200406-05.xml" + }, + { + "name": "20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108567431823750&w=2" + }, + { + "name": "RHSA-2004:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html" + }, + { + "name": "SSRT4788", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109215056218824&w=2" + }, + { + "name": "20040605-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" + }, + { + "name": "RHSA-2005:816", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html" + }, + { + "name": "SSRT4777", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2" + }, + { + "name": "20040517 mod_ssl ssl_util_uuencode_binary potential problem", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html" + }, + { + "name": "10355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10355" + }, + { + "name": "DSA-532", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-532" + }, + { + "name": "FLSA:1888", + "refsource": "FEDORA", + "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1888" + }, + { + "name": "MDKSA-2004:055", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:055" + }, + { + "name": "apache-modssl-uuencode-bo(16214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16214" + }, + { + "name": "20040601 TSSA-2004-008 - apache", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108619129727620&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0496.json b/2004/0xxx/CVE-2004-0496.json index 4018346da25..c38cb9666e3 100644 --- a/2004/0xxx/CVE-2004-0496.json +++ b/2004/0xxx/CVE-2004-0496.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SUSE-SA:2004:020", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_20_kernel.html" - }, - { - "name" : "linux-gain-privileges(16625)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16625" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "linux-gain-privileges(16625)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16625" + }, + { + "name": "SUSE-SA:2004:020", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_20_kernel.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0819.json b/2004/0xxx/CVE-2004-0819.json index 86c9f5da93e..5fc1ead5cb8 100644 --- a/2004/0xxx/CVE-2004-0819.json +++ b/2004/0xxx/CVE-2004-0819.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0819", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0819", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040825 Vulnerability: OpenBSD 3.5 Kernel Panic.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109345131508824&w=2" - }, - { - "name" : "20040826 028: RELIABILITY FIX: August 26, 2004", - "refsource" : "OPENBSD", - "url" : "http://openbsd.org/errata34.html" - }, - { - "name" : "openbsd-icmp-echo-dos(17129)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17129" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openbsd-icmp-echo-dos(17129)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17129" + }, + { + "name": "20040826 028: RELIABILITY FIX: August 26, 2004", + "refsource": "OPENBSD", + "url": "http://openbsd.org/errata34.html" + }, + { + "name": "20040825 Vulnerability: OpenBSD 3.5 Kernel Panic.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109345131508824&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1117.json b/2004/1xxx/CVE-2004-1117.json index 68f3b361991..45fca70c9d5 100644 --- a/2004/1xxx/CVE-2004-1117.json +++ b/2004/1xxx/CVE-2004-1117.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1117", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1117", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200411-26", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml" - }, - { - "name" : "seti@home-gain-privileges(18149)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200411-26", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml" + }, + { + "name": "seti@home-gain-privileges(18149)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1196.json b/2004/1xxx/CVE-2004-1196.json index 83b41611ffd..2153e43303c 100644 --- a/2004/1xxx/CVE-2004-1196.json +++ b/2004/1xxx/CVE-2004-1196.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041124 XSS in Brazilian Insite products", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110140029419018&w=2" - }, - { - "name" : "13188", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13188/" - }, - { - "name" : "11758", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11758" - }, - { - "name" : "insite-inmail-inshop-xss(18268)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "insite-inmail-inshop-xss(18268)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18268" + }, + { + "name": "20041124 XSS in Brazilian Insite products", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110140029419018&w=2" + }, + { + "name": "13188", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13188/" + }, + { + "name": "11758", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11758" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1295.json b/2004/1xxx/CVE-2004-1295.json index 37115b664c2..fc44c58a632 100644 --- a/2004/1xxx/CVE-2004-1295.json +++ b/2004/1xxx/CVE-2004-1295.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1295", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1295", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt", - "refsource" : "MISC", - "url" : "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt" - }, - { - "name" : "umlutilities-umtnet-slipdown-dos(18562)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18562" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt", + "refsource": "MISC", + "url": "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt" + }, + { + "name": "umlutilities-umtnet-slipdown-dos(18562)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18562" + } + ] + } +} \ No newline at end of file diff --git a/2004/1xxx/CVE-2004-1625.json b/2004/1xxx/CVE-2004-1625.json index 3e7fe83f99e..dc2cb235413 100644 --- a/2004/1xxx/CVE-2004-1625.json +++ b/2004/1xxx/CVE-2004-1625.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-1625", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-1625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041022 Windows DoS in certain pGina configurations", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109849689808245&w=2" - }, - { - "name" : "http://www.lovebug.org/pgina_dos.txt", - "refsource" : "MISC", - "url" : "http://www.lovebug.org/pgina_dos.txt" - }, - { - "name" : "pgina-dos(17836)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17836" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pgina-dos(17836)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17836" + }, + { + "name": "20041022 Windows DoS in certain pGina configurations", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109849689808245&w=2" + }, + { + "name": "http://www.lovebug.org/pgina_dos.txt", + "refsource": "MISC", + "url": "http://www.lovebug.org/pgina_dos.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2211.json b/2004/2xxx/CVE-2004-2211.json index 821a5140d8e..cef8f6590cf 100644 --- a/2004/2xxx/CVE-2004-2211.json +++ b/2004/2xxx/CVE-2004-2211.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.maxpatrol.com/advdetails.asp?id=5", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/advdetails.asp?id=5" - }, - { - "name" : "http://www.maxpatrol.com/mp_advisory.asp", - "refsource" : "MISC", - "url" : "http://www.maxpatrol.com/mp_advisory.asp" - }, - { - "name" : "11427", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11427" - }, - { - "name" : "10775", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10775" - }, - { - "name" : "12844", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12844" - }, - { - "name" : "alivesites-xss(17725)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17725" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.maxpatrol.com/mp_advisory.asp", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/mp_advisory.asp" + }, + { + "name": "10775", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10775" + }, + { + "name": "http://www.maxpatrol.com/advdetails.asp?id=5", + "refsource": "MISC", + "url": "http://www.maxpatrol.com/advdetails.asp?id=5" + }, + { + "name": "alivesites-xss(17725)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17725" + }, + { + "name": "11427", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11427" + }, + { + "name": "12844", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12844" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2274.json b/2004/2xxx/CVE-2004-2274.json index 663d59334a0..6ab5e1b63ce 100644 --- a/2004/2xxx/CVE-2004-2274.json +++ b/2004/2xxx/CVE-2004-2274.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4", - "refsource" : "CONFIRM", - "url" : "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4" - }, - { - "name" : "9711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9711" - }, - { - "name" : "4014", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4014" - }, - { - "name" : "1009169", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1009169" - }, - { - "name" : "10975", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10975" - }, - { - "name" : "jigsaw-url-execute-code(15298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1009169", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1009169" + }, + { + "name": "jigsaw-url-execute-code(15298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298" + }, + { + "name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4", + "refsource": "CONFIRM", + "url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4" + }, + { + "name": "9711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9711" + }, + { + "name": "4014", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4014" + }, + { + "name": "10975", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10975" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2280.json b/2004/2xxx/CVE-2004-2280.json index faba1eefecb..9ef64528245 100644 --- a/2004/2xxx/CVE-2004-2280.json +++ b/2004/2xxx/CVE-2004-2280.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2280", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2280", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en" - }, - { - "name" : "10704", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10704" - }, - { - "name" : "8418", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8418" - }, - { - "name" : "12046", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12046" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en" + }, + { + "name": "10704", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10704" + }, + { + "name": "12046", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12046" + }, + { + "name": "8418", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8418" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2135.json b/2008/2xxx/CVE-2008-2135.json index dd9976175b0..b615bc58bef 100644 --- a/2008/2xxx/CVE-2008-2135.json +++ b/2008/2xxx/CVE-2008-2135.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080508 ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491813/100/0/threaded" - }, - { - "name" : "5559", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5559" - }, - { - "name" : "29098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29098" - }, - { - "name" : "3865", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3865" - }, - { - "name" : "ezcontents-showdetails-sql-injection(42260)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42260" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080508 ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491813/100/0/threaded" + }, + { + "name": "3865", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3865" + }, + { + "name": "ezcontents-showdetails-sql-injection(42260)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42260" + }, + { + "name": "5559", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5559" + }, + { + "name": "29098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29098" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2173.json b/2008/2xxx/CVE-2008-2173.json index 9476c0d5b15..2896f817b6c 100644 --- a/2008/2xxx/CVE-2008-2173.json +++ b/2008/2xxx/CVE-2008-2173.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#929656", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/929656" - }, - { - "name" : "28999", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/28999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "28999", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/28999" + }, + { + "name": "VU#929656", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/929656" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2203.json b/2008/2xxx/CVE-2008-2203.json index 7596763f609..ed2d8dabc56 100644 --- a/2008/2xxx/CVE-2008-2203.json +++ b/2008/2xxx/CVE-2008-2203.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080503 Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491586/100/0/threaded" - }, - { - "name" : "29032", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29032" - }, - { - "name" : "3883", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3883" - }, - { - "name" : "maian-search-search-sql-injection(42196)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42196" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "29032", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29032" + }, + { + "name": "maian-search-search-sql-injection(42196)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42196" + }, + { + "name": "20080503 Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491586/100/0/threaded" + }, + { + "name": "3883", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3883" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2514.json b/2008/2xxx/CVE-2008-2514.json index 824ccae50d8..ef0a37a2987 100644 --- a/2008/2xxx/CVE-2008-2514.json +++ b/2008/2xxx/CVE-2008-2514.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc" - }, - { - "name" : "IZ19905", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ19905" - }, - { - "name" : "IZ21494", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ21494" - }, - { - "name" : "IZ22346", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22346" - }, - { - "name" : "IZ22347", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22347" - }, - { - "name" : "IZ22348", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22348" - }, - { - "name" : "29323", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29323" - }, - { - "name" : "oval:org.mitre.oval:def:5629", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5629" - }, - { - "name" : "30349", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30349" - }, - { - "name" : "ADV-2008-1626", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1626/references" - }, - { - "name" : "1020084", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020084" - }, - { - "name" : "ibm-aix-setuidroot-errpt-bo(42578)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42578" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:5629", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5629" + }, + { + "name": "IZ21494", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21494" + }, + { + "name": "IZ22348", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22348" + }, + { + "name": "30349", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30349" + }, + { + "name": "IZ22347", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22347" + }, + { + "name": "IZ22346", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22346" + }, + { + "name": "ADV-2008-1626", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1626/references" + }, + { + "name": "1020084", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020084" + }, + { + "name": "ibm-aix-setuidroot-errpt-bo(42578)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42578" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc" + }, + { + "name": "IZ19905", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ19905" + }, + { + "name": "29323", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29323" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2905.json b/2008/2xxx/CVE-2008-2905.json index 00492dea045..bdd65496086 100644 --- a/2008/2xxx/CVE-2008-2905.json +++ b/2008/2xxx/CVE-2008-2905.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5808", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5808" - }, - { - "name" : "29716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29716" - }, - { - "name" : "1020295", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020295" - }, - { - "name" : "30685", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30685" - }, - { - "name" : "mambo-output-file-include(43101)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5808", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5808" + }, + { + "name": "30685", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30685" + }, + { + "name": "29716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29716" + }, + { + "name": "1020295", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020295" + }, + { + "name": "mambo-output-file-include(43101)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43101" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3437.json b/2008/3xxx/CVE-2008-3437.json index 4afb83655c0..f821b3545e3 100644 --- a/2008/3xxx/CVE-2008-3437.json +++ b/2008/3xxx/CVE-2008-3437.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" - }, - { - "name" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" - }, - { - "name" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", - "refsource" : "MISC", - "url" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" - }, - { - "name" : "1020583", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1020583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" + }, + { + "name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", + "refsource": "MISC", + "url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" + }, + { + "name": "1020583", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1020583" + }, + { + "name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/3xxx/CVE-2008-3578.json b/2008/3xxx/CVE-2008-3578.json index 9630c28af2f..7486b3aa35e 100644 --- a/2008/3xxx/CVE-2008-3578.json +++ b/2008/3xxx/CVE-2008-3578.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-3578", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-3578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6201", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6201" - }, - { - "name" : "30523", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30523" - }, - { - "name" : "ADV-2008-2309", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2309" - }, - { - "name" : "31376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31376" - }, - { - "name" : "4126", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4126" - }, - { - "name" : "hydrairc-irc-bo(44204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2309", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2309" + }, + { + "name": "6201", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6201" + }, + { + "name": "31376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31376" + }, + { + "name": "4126", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4126" + }, + { + "name": "hydrairc-irc-bo(44204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44204" + }, + { + "name": "30523", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30523" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6043.json b/2008/6xxx/CVE-2008-6043.json index 16478c8131a..f4613daf0e9 100644 --- a/2008/6xxx/CVE-2008-6043.json +++ b/2008/6xxx/CVE-2008-6043.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080919 PHP pro bid v 6.04 SQL injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/496533/100/0/threaded" - }, - { - "name" : "31263", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31263" - }, - { - "name" : "48484", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48484" - }, - { - "name" : "31981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31981" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48484", + "refsource": "OSVDB", + "url": "http://osvdb.org/48484" + }, + { + "name": "31981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31981" + }, + { + "name": "31263", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31263" + }, + { + "name": "20080919 PHP pro bid v 6.04 SQL injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/496533/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6670.json b/2008/6xxx/CVE-2008-6670.json index 1e70bd77a83..8350f72bf17 100644 --- a/2008/6xxx/CVE-2008-6670.json +++ b/2008/6xxx/CVE-2008-6670.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/sunagex-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/sunagex-adv.txt" - }, - { - "name" : "http://aluigi.org/poc/sunagex.zip", - "refsource" : "MISC", - "url" : "http://aluigi.org/poc/sunagex.zip" - }, - { - "name" : "29889", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29889" - }, - { - "name" : "46561", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46561" - }, - { - "name" : "30823", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30823" - }, - { - "name" : "ADV-2008-1903", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1903/references" - }, - { - "name" : "sunage-unspecified-dos(43249)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1903", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1903/references" + }, + { + "name": "sunage-unspecified-dos(43249)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" + }, + { + "name": "30823", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30823" + }, + { + "name": "46561", + "refsource": "OSVDB", + "url": "http://osvdb.org/46561" + }, + { + "name": "29889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29889" + }, + { + "name": "http://aluigi.org/poc/sunagex.zip", + "refsource": "MISC", + "url": "http://aluigi.org/poc/sunagex.zip" + }, + { + "name": "http://aluigi.altervista.org/adv/sunagex-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/sunagex-adv.txt" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6744.json b/2008/6xxx/CVE-2008-6744.json index a07dfb15fbb..de80d7cd260 100644 --- a/2008/6xxx/CVE-2008-6744.json +++ b/2008/6xxx/CVE-2008-6744.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cybozu.co.jp/products/dl/notice/detail/0016.html", - "refsource" : "CONFIRM", - "url" : "http://cybozu.co.jp/products/dl/notice/detail/0016.html" - }, - { - "name" : "http://cybozu.co.jp/products/dl/notice/detail/0018.html", - "refsource" : "CONFIRM", - "url" : "http://cybozu.co.jp/products/dl/notice/detail/0018.html" - }, - { - "name" : "JVN#18405927", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN18405927/index.html" - }, - { - "name" : "JVNDB-2008-000033", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html" - }, - { - "name" : "46575", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/46575" - }, - { - "name" : "30882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30882" - }, - { - "name" : "garoon-unspecified-csrf(43438)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://cybozu.co.jp/products/dl/notice/detail/0016.html", + "refsource": "CONFIRM", + "url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html" + }, + { + "name": "http://cybozu.co.jp/products/dl/notice/detail/0018.html", + "refsource": "CONFIRM", + "url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html" + }, + { + "name": "JVN#18405927", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN18405927/index.html" + }, + { + "name": "JVNDB-2008-000033", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html" + }, + { + "name": "garoon-unspecified-csrf(43438)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438" + }, + { + "name": "30882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30882" + }, + { + "name": "46575", + "refsource": "OSVDB", + "url": "http://osvdb.org/46575" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6749.json b/2008/6xxx/CVE-2008-6749.json index 68d06fe2ddb..f604c139aaa 100644 --- a/2008/6xxx/CVE-2008-6749.json +++ b/2008/6xxx/CVE-2008-6749.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7614", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/7614" - }, - { - "name" : "51302", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/51302" - }, - { - "name" : "33353", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33353" - }, - { - "name" : "flexphpdirectory-index-sql-injection(47640)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33353", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33353" + }, + { + "name": "flexphpdirectory-index-sql-injection(47640)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47640" + }, + { + "name": "51302", + "refsource": "OSVDB", + "url": "http://osvdb.org/51302" + }, + { + "name": "7614", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/7614" + } + ] + } +} \ No newline at end of file diff --git a/2008/6xxx/CVE-2008-6998.json b/2008/6xxx/CVE-2008-6998.json index 031da3e1d7e..85a8c214399 100644 --- a/2008/6xxx/CVE-2008-6998.json +++ b/2008/6xxx/CVE-2008-6998.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "6372", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/6372" - }, - { - "name" : "http://shinnok.evonet.ro/vulns_html/chrome.html", - "refsource" : "MISC", - "url" : "http://shinnok.evonet.ro/vulns_html/chrome.html" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html" - }, - { - "name" : "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797", - "refsource" : "CONFIRM", - "url" : "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797" - }, - { - "name" : "31034", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31034" - }, - { - "name" : "31071", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/31071" - }, - { - "name" : "48264", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/48264" - }, - { - "name" : "google-chrome-href-dos(44934)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44934" - }, - { - "name" : "google-chrome-urlelider-bo(45032)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45032" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "google-chrome-href-dos(44934)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44934" + }, + { + "name": "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797", + "refsource": "CONFIRM", + "url": "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797" + }, + { + "name": "google-chrome-urlelider-bo(45032)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45032" + }, + { + "name": "31034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31034" + }, + { + "name": "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html" + }, + { + "name": "6372", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/6372" + }, + { + "name": "48264", + "refsource": "OSVDB", + "url": "http://osvdb.org/48264" + }, + { + "name": "http://shinnok.evonet.ro/vulns_html/chrome.html", + "refsource": "MISC", + "url": "http://shinnok.evonet.ro/vulns_html/chrome.html" + }, + { + "name": "31071", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/31071" + } + ] + } +} \ No newline at end of file diff --git a/2008/7xxx/CVE-2008-7312.json b/2008/7xxx/CVE-2008-7312.json index c992ab4069c..e11872250c0 100644 --- a/2008/7xxx/CVE-2008-7312.json +++ b/2008/7xxx/CVE-2008-7312.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-7312", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-7312", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization", - "refsource" : "CONFIRM", - "url" : "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization" - }, - { - "name" : "websense-filtering-sec-bypass(78299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "websense-filtering-sec-bypass(78299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78299" + }, + { + "name": "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization", + "refsource": "CONFIRM", + "url": "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2234.json b/2013/2xxx/CVE-2013-2234.json index 2d5f7fd1a80..cad87977ad8 100644 --- a/2013/2xxx/CVE-2013-2234.json +++ b/2013/2xxx/CVE-2013-2234.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2013-2234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2013/07/02/7" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=980995", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=980995" - }, - { - "name" : "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", - "refsource" : "CONFIRM", - "url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" - }, - { - "name" : "DSA-2766", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2013/dsa-2766" - }, - { - "name" : "RHSA-2013:1645", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html" - }, - { - "name" : "RHSA-2013:1166", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html" - }, - { - "name" : "SUSE-SU-2013:1473", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1474", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" - }, - { - "name" : "openSUSE-SU-2013:1971", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" - }, - { - "name" : "USN-1912-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1912-1" - }, - { - "name" : "USN-1913-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1913-1" - }, - { - "name" : "USN-1938-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1938-1" - }, - { - "name" : "USN-1941-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1941-1" - }, - { - "name" : "USN-1942-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1942-1" - }, - { - "name" : "USN-1943-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1943-1" - }, - { - "name" : "USN-1944-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1944-1" - }, - { - "name" : "USN-1945-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1945-1" - }, - { - "name" : "USN-1946-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1946-1" - }, - { - "name" : "USN-1947-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1947-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1943-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1943-1" + }, + { + "name": "RHSA-2013:1166", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html" + }, + { + "name": "USN-1913-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1913-1" + }, + { + "name": "SUSE-SU-2013:1473", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" + }, + { + "name": "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" + }, + { + "name": "USN-1938-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1938-1" + }, + { + "name": "RHSA-2013:1645", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html" + }, + { + "name": "USN-1944-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1944-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" + }, + { + "name": "USN-1945-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1945-1" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", + "refsource": "CONFIRM", + "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" + }, + { + "name": "DSA-2766", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2013/dsa-2766" + }, + { + "name": "openSUSE-SU-2013:1971", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" + }, + { + "name": "SUSE-SU-2013:1474", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" + }, + { + "name": "USN-1947-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1947-1" + }, + { + "name": "[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2013/07/02/7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=980995", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980995" + }, + { + "name": "USN-1941-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1941-1" + }, + { + "name": "USN-1942-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1942-1" + }, + { + "name": "USN-1912-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1912-1" + }, + { + "name": "USN-1946-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1946-1" + } + ] + } +} \ No newline at end of file diff --git a/2013/2xxx/CVE-2013-2468.json b/2013/2xxx/CVE-2013-2468.json index 3e31cef9547..ac16dff58a1 100644 --- a/2013/2xxx/CVE-2013-2468.json +++ b/2013/2xxx/CVE-2013-2468.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2013-2468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2013-2468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" - }, - { - "name" : "HPSBUX02907", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" - }, - { - "name" : "HPSBUX02908", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" - }, - { - "name" : "RHSA-2013:0963", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" - }, - { - "name" : "RHSA-2013:1060", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "RHSA-2013:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" - }, - { - "name" : "RHSA-2014:0414", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2014:0414" - }, - { - "name" : "SUSE-SU-2013:1305", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" - }, - { - "name" : "SUSE-SU-2013:1255", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" - }, - { - "name" : "SUSE-SU-2013:1256", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" - }, - { - "name" : "SUSE-SU-2013:1257", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" - }, - { - "name" : "TA13-169A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" - }, - { - "name" : "60637", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/60637" - }, - { - "name" : "oval:org.mitre.oval:def:17206", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17206" - }, - { - "name" : "oval:org.mitre.oval:def:19478", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19478" - }, - { - "name" : "oval:org.mitre.oval:def:19605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19605" - }, - { - "name" : "54154", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:1060", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html" + }, + { + "name": "HPSBUX02908", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2" + }, + { + "name": "RHSA-2014:0414", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2014:0414" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" + }, + { + "name": "SUSE-SU-2013:1257", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" + }, + { + "name": "oval:org.mitre.oval:def:19478", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19478" + }, + { + "name": "HPSBUX02907", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2" + }, + { + "name": "SUSE-SU-2013:1256", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" + }, + { + "name": "54154", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54154" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2013:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html" + }, + { + "name": "oval:org.mitre.oval:def:19605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19605" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" + }, + { + "name": "TA13-169A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A" + }, + { + "name": "RHSA-2013:0963", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html" + }, + { + "name": "SUSE-SU-2013:1255", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "oval:org.mitre.oval:def:17206", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17206" + }, + { + "name": "60637", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/60637" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" + }, + { + "name": "SUSE-SU-2013:1305", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11141.json b/2017/11xxx/CVE-2017-11141.json index adc685f7cb2..c710556c20c 100644 --- a/2017/11xxx/CVE-2017-11141.json +++ b/2017/11xxx/CVE-2017-11141.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMATImage function in coders\\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/469", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/469" - }, - { - "name" : "99506", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99506" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMATImage function in coders\\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99506", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99506" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/469", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/469" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11576.json b/2017/11xxx/CVE-2017-11576.json index 3c53f763ab0..40b1aac1e93 100644 --- a/2017/11xxx/CVE-2017-11576.json +++ b/2017/11xxx/CVE-2017-11576.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fontforge/fontforge/issues/3091", - "refsource" : "MISC", - "url" : "https://github.com/fontforge/fontforge/issues/3091" - }, - { - "name" : "DSA-3958", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3958", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3958" + }, + { + "name": "https://github.com/fontforge/fontforge/issues/3091", + "refsource": "MISC", + "url": "https://github.com/fontforge/fontforge/issues/3091" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11724.json b/2017/11xxx/CVE-2017-11724.json index d5c6505d98a..02e2c4e6fb0 100644 --- a/2017/11xxx/CVE-2017-11724.json +++ b/2017/11xxx/CVE-2017-11724.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11724", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11724", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/624", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/624" - }, - { - "name" : "GLSA-201711-07", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201711-07" - }, - { - "name" : "104597", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201711-07", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201711-07" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/624", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/624" + }, + { + "name": "104597", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104597" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11800.json b/2017/11xxx/CVE-2017-11800.json index 6360bcaf51a..7fefcd612d2 100644 --- a/2017/11xxx/CVE-2017-11800.json +++ b/2017/11xxx/CVE-2017-11800.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11800", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11800", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800" - }, - { - "name" : "101127", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101127" - }, - { - "name" : "1039529", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039529" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039529", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039529" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800" + }, + { + "name": "101127", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101127" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14073.json b/2017/14xxx/CVE-2017-14073.json index 9414c8e1321..781d4ff35e7 100644 --- a/2017/14xxx/CVE-2017-14073.json +++ b/2017/14xxx/CVE-2017-14073.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14073", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14073", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14406.json b/2017/14xxx/CVE-2017-14406.json index 43b048907b5..92128dd4830 100644 --- a/2017/14xxx/CVE-2017-14406.json +++ b/2017/14xxx/CVE-2017-14406.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14498.json b/2017/14xxx/CVE-2017-14498.json index aeacc8fa97b..606dafd9e58 100644 --- a/2017/14xxx/CVE-2017-14498.json +++ b/2017/14xxx/CVE-2017-14498.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lists.openwall.net/full-disclosure/2017/09/14/2", - "refsource" : "MISC", - "url" : "http://lists.openwall.net/full-disclosure/2017/09/14/2" - }, - { - "name" : "https://docs.silverstripe.org/en/3/changelogs/3.6.1", - "refsource" : "MISC", - "url" : "https://docs.silverstripe.org/en/3/changelogs/3.6.1" - }, - { - "name" : "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", - "refsource" : "MISC", - "url" : "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" - }, - { - "name" : "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", - "refsource" : "MISC", - "url" : "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lists.openwall.net/full-disclosure/2017/09/14/2", + "refsource": "MISC", + "url": "http://lists.openwall.net/full-disclosure/2017/09/14/2" + }, + { + "name": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", + "refsource": "MISC", + "url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" + }, + { + "name": "https://docs.silverstripe.org/en/3/changelogs/3.6.1", + "refsource": "MISC", + "url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1" + }, + { + "name": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", + "refsource": "MISC", + "url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14654.json b/2017/14xxx/CVE-2017-14654.json index 3039e6bf89e..fc16a156344 100644 --- a/2017/14xxx/CVE-2017-14654.json +++ b/2017/14xxx/CVE-2017-14654.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-14654", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-14654", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14891.json b/2017/14xxx/CVE-2017-14891.json index ec4ebe7f7a6..3e917c46a4a 100644 --- a/2017/14xxx/CVE-2017-14891.json +++ b/2017/14xxx/CVE-2017-14891.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "DATE_PUBLIC" : "2018-03-26T00:00:00", - "ID" : "CVE-2017-14891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure in Graphics" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "DATE_PUBLIC": "2018-03-26T00:00:00", + "ID": "CVE-2017-14891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android for MSM, Firefox OS for MSM, QRD Android", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", - "refsource" : "MISC", - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c" - }, - { - "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure in Graphics" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", + "refsource": "MISC", + "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c" + }, + { + "name": "https://source.android.com/security/bulletin/pixel/2018-02-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/pixel/2018-02-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15118.json b/2017/15xxx/CVE-2017-15118.json index 60b2cd99041..f6d1b730f96 100644 --- a/2017/15xxx/CVE-2017-15118.json +++ b/2017/15xxx/CVE-2017-15118.json @@ -1,108 +1,108 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-15118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qemu", - "version" : { - "version_data" : [ - { - "version_value" : "2.11" - } - ] - } - } - ] - }, - "vendor_name" : "QEMU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-15118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qemu", + "version": { + "version_data": [ + { + "version_value": "2.11" + } + ] + } + } + ] + }, + "vendor_name": "QEMU" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "43194", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/43194/" - }, - { - "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", - "refsource" : "MISC", - "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/8" - }, - { - "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", - "refsource" : "MISC", - "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118" - }, - { - "name" : "RHSA-2018:1104", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:1104" - }, - { - "name" : "USN-3575-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3575-1/" - }, - { - "name" : "101975", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118" + }, + { + "name": "RHSA-2018:1104", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:1104" + }, + { + "name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", + "refsource": "MISC", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html" + }, + { + "name": "USN-3575-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3575-1/" + }, + { + "name": "101975", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101975" + }, + { + "name": "http://www.openwall.com/lists/oss-security/2017/11/28/8", + "refsource": "MISC", + "url": "http://www.openwall.com/lists/oss-security/2017/11/28/8" + }, + { + "name": "43194", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/43194/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8008.json b/2017/8xxx/CVE-2017-8008.json index 81f498c0308..216090020f1 100644 --- a/2017/8xxx/CVE-2017-8008.json +++ b/2017/8xxx/CVE-2017-8008.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8008", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8008", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8292.json b/2017/8xxx/CVE-2017-8292.json index a167bd1dfe7..598961b3b96 100644 --- a/2017/8xxx/CVE-2017-8292.json +++ b/2017/8xxx/CVE-2017-8292.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8292", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8292", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8757.json b/2017/8xxx/CVE-2017-8757.json index 392ecedda44..e55d51e9d60 100644 --- a/2017/8xxx/CVE-2017-8757.json +++ b/2017/8xxx/CVE-2017-8757.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8757", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757" - }, - { - "name" : "100721", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100721" - }, - { - "name" : "1039326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757" + }, + { + "name": "100721", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100721" + }, + { + "name": "1039326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039326" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12020.json b/2018/12xxx/CVE-2018-12020.json index bfb20e5c310..560de538a72 100644 --- a/2018/12xxx/CVE-2018-12020.json +++ b/2018/12xxx/CVE-2018-12020.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12020", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12020", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2018/06/08/2", - "refsource" : "MISC", - "url" : "http://openwall.com/lists/oss-security/2018/06/08/2" - }, - { - "name" : "https://dev.gnupg.org/T4012", - "refsource" : "MISC", - "url" : "https://dev.gnupg.org/T4012" - }, - { - "name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html", - "refsource" : "MISC", - "url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" - }, - { - "name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", - "refsource" : "CONFIRM", - "url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" - }, - { - "name" : "DSA-4222", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4222" - }, - { - "name" : "DSA-4223", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4223" - }, - { - "name" : "DSA-4224", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4224" - }, - { - "name" : "RHSA-2018:2180", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2180" - }, - { - "name" : "RHSA-2018:2181", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2181" - }, - { - "name" : "USN-3675-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3675-1/" - }, - { - "name" : "USN-3675-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3675-2/" - }, - { - "name" : "USN-3675-3", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3675-3/" - }, - { - "name" : "104450", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104450" - }, - { - "name" : "1041051", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3675-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3675-2/" + }, + { + "name": "RHSA-2018:2180", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2180" + }, + { + "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html", + "refsource": "MISC", + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" + }, + { + "name": "http://openwall.com/lists/oss-security/2018/06/08/2", + "refsource": "MISC", + "url": "http://openwall.com/lists/oss-security/2018/06/08/2" + }, + { + "name": "DSA-4222", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4222" + }, + { + "name": "RHSA-2018:2181", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2181" + }, + { + "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", + "refsource": "CONFIRM", + "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" + }, + { + "name": "DSA-4224", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4224" + }, + { + "name": "104450", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104450" + }, + { + "name": "DSA-4223", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4223" + }, + { + "name": "USN-3675-3", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3675-3/" + }, + { + "name": "1041051", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041051" + }, + { + "name": "USN-3675-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3675-1/" + }, + { + "name": "https://dev.gnupg.org/T4012", + "refsource": "MISC", + "url": "https://dev.gnupg.org/T4012" + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12556.json b/2018/12xxx/CVE-2018-12556.json index fc1951a0ef7..943d9708bde 100644 --- a/2018/12xxx/CVE-2018-12556.json +++ b/2018/12xxx/CVE-2018-12556.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12556", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12556", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/12xxx/CVE-2018-12732.json b/2018/12xxx/CVE-2018-12732.json index 6e3e246c9a6..5df2b9e55ef 100644 --- a/2018/12xxx/CVE-2018-12732.json +++ b/2018/12xxx/CVE-2018-12732.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-12732", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-12732", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13401.json b/2018/13xxx/CVE-2018-13401.json index 0198860f076..86129afcbf8 100644 --- a/2018/13xxx/CVE-2018-13401.json +++ b/2018/13xxx/CVE-2018-13401.json @@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-10-23T00:00:00", - "ID" : "CVE-2018-13401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.9" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.7.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.8.0" - }, - { - "version_affected" : "<", - "version_value" : "7.8.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.9.0" - }, - { - "version_affected" : "<", - "version_value" : "7.9.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.10.0" - }, - { - "version_affected" : "<", - "version_value" : "7.10.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.11.0" - }, - { - "version_affected" : "<", - "version_value" : "7.11.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.12.0" - }, - { - "version_affected" : "<", - "version_value" : "7.12.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.13.0" - }, - { - "version_affected" : "<", - "version_value" : "7.13.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Redirection to Untrusted Site ('Open Redirect')" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-10-23T00:00:00", + "ID": "CVE-2018-13401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.9" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.7.5" + }, + { + "version_affected": ">=", + "version_value": "7.8.0" + }, + { + "version_affected": "<", + "version_value": "7.8.5" + }, + { + "version_affected": ">=", + "version_value": "7.9.0" + }, + { + "version_affected": "<", + "version_value": "7.9.3" + }, + { + "version_affected": ">=", + "version_value": "7.10.0" + }, + { + "version_affected": "<", + "version_value": "7.10.3" + }, + { + "version_affected": ">=", + "version_value": "7.11.0" + }, + { + "version_affected": "<", + "version_value": "7.11.3" + }, + { + "version_affected": ">=", + "version_value": "7.12.0" + }, + { + "version_affected": "<", + "version_value": "7.12.3" + }, + { + "version_affected": ">=", + "version_value": "7.13.0" + }, + { + "version_affected": "<", + "version_value": "7.13.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-68139", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-68139" - }, - { - "name" : "105751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105751" + }, + { + "name": "https://jira.atlassian.com/browse/JRASERVER-68139", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-68139" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13648.json b/2018/13xxx/CVE-2018-13648.json index f8b88bdecad..ce8e843cd5b 100644 --- a/2018/13xxx/CVE-2018-13648.json +++ b/2018/13xxx/CVE-2018-13648.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13947.json b/2018/13xxx/CVE-2018-13947.json index b9dd472ce1a..969c0745142 100644 --- a/2018/13xxx/CVE-2018-13947.json +++ b/2018/13xxx/CVE-2018-13947.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13947", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13947", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16147.json b/2018/16xxx/CVE-2018-16147.json index d4a13dcce74..b010fcf6623 100644 --- a/2018/16xxx/CVE-2018-16147.json +++ b/2018/16xxx/CVE-2018-16147.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "https://seclists.org/fulldisclosure/2018/Sep/3" - }, - { - "name" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" - }, - { - "name" : "https://knowledge.opsview.com/v5.3/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.3/docs/whats-new" - }, - { - "name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", - "refsource" : "CONFIRM", - "url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://knowledge.opsview.com/v5.4/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.4/docs/whats-new" + }, + { + "name": "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", + "refsource": "FULLDISC", + "url": "https://seclists.org/fulldisclosure/2018/Sep/3" + }, + { + "name": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", + "refsource": "MISC", + "url": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" + }, + { + "name": "https://knowledge.opsview.com/v5.3/docs/whats-new", + "refsource": "CONFIRM", + "url": "https://knowledge.opsview.com/v5.3/docs/whats-new" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16396.json b/2018/16xxx/CVE-2018-16396.json index aa134523c7c..350db0a0837 100644 --- a/2018/16xxx/CVE-2018-16396.json +++ b/2018/16xxx/CVE-2018-16396.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16396", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" - }, - { - "name" : "https://hackerone.com/reports/385070", - "refsource" : "MISC", - "url" : "https://hackerone.com/reports/385070" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190221-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190221-0002/" - }, - { - "name" : "DSA-4332", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4332" - }, - { - "name" : "RHSA-2018:3729", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3729" - }, - { - "name" : "RHSA-2018:3730", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3730" - }, - { - "name" : "RHSA-2018:3731", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3731" - }, - { - "name" : "USN-3808-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3808-1/" - }, - { - "name" : "1042106", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1042106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://hackerone.com/reports/385070", + "refsource": "MISC", + "url": "https://hackerone.com/reports/385070" + }, + { + "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" + }, + { + "name": "RHSA-2018:3729", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3729" + }, + { + "name": "RHSA-2018:3730", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3730" + }, + { + "name": "RHSA-2018:3731", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3731" + }, + { + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" + }, + { + "name": "DSA-4332", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4332" + }, + { + "name": "USN-3808-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3808-1/" + }, + { + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190221-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190221-0002/" + }, + { + "name": "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/" + }, + { + "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" + }, + { + "name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" + }, + { + "name": "1042106", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1042106" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16763.json b/2018/16xxx/CVE-2018-16763.json index 0d0c79cbfb9..df1aac8502e 100644 --- a/2018/16xxx/CVE-2018-16763.json +++ b/2018/16xxx/CVE-2018-16763.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16763", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/daylightstudio/FUEL-CMS/issues/478", - "refsource" : "MISC", - "url" : "https://github.com/daylightstudio/FUEL-CMS/issues/478" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/daylightstudio/FUEL-CMS/issues/478", + "refsource": "MISC", + "url": "https://github.com/daylightstudio/FUEL-CMS/issues/478" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16785.json b/2018/16xxx/CVE-2018-16785.json index faf590ebed8..4055c04d43e 100644 --- a/2018/16xxx/CVE-2018-16785.json +++ b/2018/16xxx/CVE-2018-16785.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ky-j/dedecms/issues/4", - "refsource" : "MISC", - "url" : "https://github.com/ky-j/dedecms/issues/4" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ky-j/dedecms/issues/4", + "refsource": "MISC", + "url": "https://github.com/ky-j/dedecms/issues/4" + } + ] + } +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16803.json b/2018/16xxx/CVE-2018-16803.json index da1f9fddf62..2c982ecf8c1 100644 --- a/2018/16xxx/CVE-2018-16803.json +++ b/2018/16xxx/CVE-2018-16803.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-16803", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-16803", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://twitter.com/DC3VDP/status/1083359509995753473", - "refsource" : "MISC", - "url" : "https://twitter.com/DC3VDP/status/1083359509995753473" - }, - { - "name" : "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/", - "refsource" : "MISC", - "url" : "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/", + "refsource": "MISC", + "url": "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/" + }, + { + "name": "https://twitter.com/DC3VDP/status/1083359509995753473", + "refsource": "MISC", + "url": "https://twitter.com/DC3VDP/status/1083359509995753473" + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4585.json b/2018/4xxx/CVE-2018-4585.json index ace041334c4..8fe0c1b150c 100644 --- a/2018/4xxx/CVE-2018-4585.json +++ b/2018/4xxx/CVE-2018-4585.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-4585", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-4585", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4905.json b/2018/4xxx/CVE-2018-4905.json index 043204d3b7f..b980e1cef17 100644 --- a/2018/4xxx/CVE-2018-4905.json +++ b/2018/4xxx/CVE-2018-4905.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-4905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-4905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" - }, - { - "name" : "102996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102996" - }, - { - "name" : "1040364", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040364" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102996" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" + }, + { + "name": "1040364", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040364" + } + ] + } +} \ No newline at end of file