"-Synchronized-Data."

CVE Team 2019-03-18 06:06:34 +00:00
parent 4437d2b323
commit 430d9327b2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4124 additions and 4124 deletions


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104680706201721&w=2"
},
{
"name" : "http://www.idefense.com/advisory/03.04.03.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name" : "DSA-260",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-260"
},
{
"name" : "IMNX-2003-7+-012-01",
"refsource" : "IMMUNIX",
"url" : "http://lwn.net/Alerts/34908/"
},
{
"name" : "MDKSA-2003:030",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
},
{
"name" : "NetBSD-SA2003-003",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name" : "SuSE-SA:2003:017",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name" : "RHSA-2003:086",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name" : "RHSA-2003:087",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name" : "VU#611865",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/611865"
},
{
"name" : "7008",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7008"
},
{
"name" : "file-afctr-read-bo(11469)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/advisory/03.04.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/03.04.03.txt"
},
{
"name": "file-afctr-read-bo(11469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469"
},
{
"name": "NetBSD-SA2003-003",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc"
},
{
"name": "RHSA-2003:087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-087.html"
},
{
"name": "SuSE-SA:2003:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_017_file.html"
},
{
"name": "7008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7008"
},
{
"name": "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104680706201721&w=2"
},
{
"name": "IMNX-2003-7+-012-01",
"refsource": "IMMUNIX",
"url": "http://lwn.net/Alerts/34908/"
},
{
"name": "RHSA-2003:086",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-086.html"
},
{
"name": "DSA-260",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-260"
},
{
"name": "VU#611865",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611865"
},
{
"name": "MDKSA-2003:030",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030"
}
]
}
}
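Review bot: The `reference_data` array on the new side carries the same twelve entries as the old side, only in a different order that is not sorted by `name`, `refsource` or `url`, so apart from the `" : "` to `": "` spacing change this section records no change to the advisory. If the exporter's ordering is not stable between runs (an inference; the generator is not visible here), every sync will rewrite whole records, and anyone diffing or hashing these files to spot a changed CVE entry will get false positives. Emitting the references in a fixed order, for example sorted by `refsource` and then `name`, would keep later syncs down to real changes. Several other file sections in this commit show the same reordering.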


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104982175321731&w=2"
},
{
"name" : "http://www.idefense.com/advisory/04.08.03.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/04.08.03.txt"
},
{
"name" : "20030402 [ANNOUNCE] Apache 2.0.45 Released",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104931360606484&w=2"
},
{
"name" : "20030408 Exploit Code Released for Apache 2.x Memory Leak",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104994309010974&w=2"
},
{
"name" : "20030409 GLSA: apache (200304-01)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104994239010517&w=2"
},
{
"name" : "20030410 working apache <= 2.0.44 DoS exploit for linux.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105001663120995&w=2"
},
{
"name" : "20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105013378320711&w=2"
},
{
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147",
"refsource" : "MISC",
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147"
},
{
"name" : "RHSA-2003:139",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html"
},
{
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name" : "VU#206537",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/206537"
},
{
"name" : "oval:org.mitre.oval:def:156",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156"
},
{
"name" : "8499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8499"
},
{
"name" : "34920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34920"
},
{
"name" : "ADV-2009-1233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1233"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030409 GLSA: apache (200304-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104994239010517&w=2"
},
{
"name": "ADV-2009-1233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1233"
},
{
"name": "20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105013378320711&w=2"
},
{
"name": "http://www.idefense.com/advisory/04.08.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/04.08.03.txt"
},
{
"name": "20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104982175321731&w=2"
},
{
"name": "34920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34920"
},
{
"name": "oval:org.mitre.oval:def:156",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156"
},
{
"name": "8499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8499"
},
{
"name": "20030410 working apache <= 2.0.44 DoS exploit for linux.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105001663120995&w=2"
},
{
"name": "RHSA-2003:139",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-139.html"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
},
{
"name": "20030402 [ANNOUNCE] Apache 2.0.45 Released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104931360606484&w=2"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147",
"refsource": "MISC",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147"
},
{
"name": "20030408 Exploit Code Released for Apache 2.x Memory Leak",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104994309010974&w=2"
},
{
"name": "VU#206537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/206537"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030701 Caché Insecure Installation File and Directory Permissions",
"refsource" : "IDEFENSE",
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource" : "CONFIRM",
"url" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cach\u00e9 Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030701 Cach\u00e9 Insecure Installation File and Directory Permissions",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7"
},
{
"name": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource": "CONFIRM",
"url": "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/"
}
]
}
}
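Review bot: The description `value` and the IDEFENSE reference `name` on the new side write the product name as `Cach\u00e9` where the old side had the literal `Caché`. Both decode to the same string, so JSON parsers are unaffected, but a raw-text search of the repository for `Caché` no longer finds CVE-2003-0498. If the ASCII-only escaping is intended, it is worth stating in the commit message so that consumers who grep the files know to search the decoded text instead.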


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106875764826251&w=2"
},
{
"name" : "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106876107330752&w=2"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html"
},
{
"name": "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106876107330752&w=2"
},
{
"name": "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106875764826251&w=2"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/342476"
},
{
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html"
},
{
"name" : "8899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8899"
},
{
"name" : "10104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10104"
},
{
"name" : "1008014",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008014"
},
{
"name" : "musicqueue-tmpfile-symlink(13520)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10104"
},
{
"name": "1008014",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008014"
},
{
"name": "8899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8899"
},
{
"name": "20031027 Musicqueue multiple local vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342476"
},
{
"name": "musicqueue-tmpfile-symlink(13520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13520"
},
{
"name": "20031027 Musicqueue multiple local vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of \".\" characters followed by a \"/*\" string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040201 Vulnerabilities in Crob FTP Server V3.5.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/352329"
},
{
"name" : "9549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9549"
},
{
"name" : "1008908",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008908"
},
{
"name" : "10778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10778"
},
{
"name" : "crob-dir-dos(15105)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of \".\" characters followed by a \"/*\" string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10778"
},
{
"name": "1008908",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008908"
},
{
"name": "20040201 Vulnerabilities in Crob FTP Server V3.5.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/352329"
},
{
"name": "9549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9549"
},
{
"name": "crob-dir-dos(15105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15105"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ezcontents.org/forum/viewtopic.php?t=361",
"refsource" : "CONFIRM",
"url" : "http://www.ezcontents.org/forum/viewtopic.php?t=361"
},
{
"name" : "10839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10839"
},
{
"name" : "ezcontents-login-bypass(15136)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10839"
},
{
"name": "http://www.ezcontents.org/forum/viewtopic.php?t=361",
"refsource": "CONFIRM",
"url": "http://www.ezcontents.org/forum/viewtopic.php?t=361"
},
{
"name": "ezcontents-login-bypass(15136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15136"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA03-26.01",
"refsource" : "BEA",
"url" : "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp"
},
{
"name" : "6717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6717"
},
{
"name" : "1006018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1006018"
},
{
"name" : "weblogic-clustered-race-condition(11221)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA03-26.01",
"refsource": "BEA",
"url": "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp"
},
{
"name": "1006018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006018"
},
{
"name": "6717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6717"
},
{
"name": "weblogic-clustered-race-condition(11221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-430",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-430"
},
{
"name" : "9520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9520"
},
{
"name" : "3747",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3747"
},
{
"name" : "1008875",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1008875"
},
{
"name" : "10744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10744/"
},
{
"name" : "10745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10745"
},
{
"name" : "trr19-gain-privileges(14975)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trr19-gain-privileges(14975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14975"
},
{
"name": "10745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10745"
},
{
"name": "9520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9520"
},
{
"name": "DSA-430",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-430"
},
{
"name": "3747",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3747"
},
{
"name": "1008875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008875"
},
{
"name": "10744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10744/"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040630 rsbac 1.2.3 jail security problems",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108861182906067&w=2"
},
{
"name" : "20040702 Announce: RSBAC v1.2.3 released",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108879977120430&w=2"
},
{
"name" : "http://www.rsbac.org/download/bugfixes/",
"refsource" : "CONFIRM",
"url" : "http://www.rsbac.org/download/bugfixes/"
},
{
"name" : "rsbac-jail-gain-privileges(16552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16552"
},
{
"name" : "10640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040702 Announce: RSBAC v1.2.3 released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108879977120430&w=2"
},
{
"name": "20040630 rsbac 1.2.3 jail security problems",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108861182906067&w=2"
},
{
"name": "10640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10640"
},
{
"name": "http://www.rsbac.org/download/bugfixes/",
"refsource": "CONFIRM",
"url": "http://www.rsbac.org/download/bugfixes/"
},
{
"name": "rsbac-jail-gain-privileges(16552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16552"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-554",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-554"
},
{
"name" : "11262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11262"
},
{
"name" : "12667",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12667"
},
{
"name" : "sendmail-mail-relay(17531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sendmail-mail-relay(17531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17531"
},
{
"name": "12667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12667"
},
{
"name": "DSA-554",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-554"
},
{
"name": "11262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11262"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the \"admin of paypal email addresses\" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=98629&release_id=279700",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=98629&release_id=279700"
},
{
"name" : "11443",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the \"admin of paypal email addresses\" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=98629&release_id=279700",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=98629&release_id=279700"
},
{
"name": "11443",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11443"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS04-004_e/index-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS04-004_e/index-e.html"
},
{
"name" : "11012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11012"
},
{
"name" : "1011023",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011023"
},
{
"name" : "12050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12050"
},
{
"name" : "hitachi-jp1ftp-authentication(17074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12050"
},
{
"name": "11012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11012"
},
{
"name": "1011023",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011023"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS04-004_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS04-004_e/index-e.html"
},
{
"name": "hitachi-jp1ftp-authentication(17074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17074"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5520",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5520"
},
{
"name" : "28979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28979"
},
{
"name" : "29991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29991"
},
{
"name" : "joovili-category-sql-injection(42086)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29991"
},
{
"name": "28979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28979"
},
{
"name": "5520",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5520"
},
{
"name": "joovili-category-sql-injection(42086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42086"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921"
},
{
"name" : "DSA-1611",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1611"
},
{
"name" : "FEDORA-2009-8792",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00921.html"
},
{
"name" : "FEDORA-2009-8816",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00947.html"
},
{
"name" : "30245",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30245"
},
{
"name" : "31086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31086"
},
{
"name" : "31131",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31131"
},
{
"name" : "36358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36358"
},
{
"name" : "afuse-filenames-command-execution(43834)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30245"
},
{
"name": "DSA-1611",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1611"
},
{
"name": "31086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31086"
},
{
"name": "afuse-filenames-command-execution(43834)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43834"
},
{
"name": "31131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31131"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490921"
},
{
"name": "FEDORA-2009-8792",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00921.html"
},
{
"name": "36358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36358"
},
{
"name": "FEDORA-2009-8816",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00947.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080515 Kostenloses Linkmanagementscript SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492111/100/0/threaded"
},
{
"name" : "5623",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5623"
},
{
"name" : "29236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29236"
},
{
"name" : "30201",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30201"
},
{
"name" : "3893",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3893"
},
{
"name" : "kostenloses-view-sql-injection(42455)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3893",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3893"
},
{
"name": "kostenloses-view-sql-injection(42455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42455"
},
{
"name": "30201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30201"
},
{
"name": "20080515 Kostenloses Linkmanagementscript SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492111/100/0/threaded"
},
{
"name": "29236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29236"
},
{
"name": "5623",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5623"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 9.26 allows remote attackers to misrepresent web page addresses using \"certain characters\" that \"cause the page address text to be misplaced.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/linux/950/#security",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/linux/950/#security"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/950/#security",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/950/#security"
},
{
"name" : "http://www.opera.com/support/search/view/878/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/878/"
},
{
"name" : "SUSE-SA:2008:029",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html"
},
{
"name" : "29684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29684"
},
{
"name" : "ADV-2008-1812",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1812"
},
{
"name" : "30636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30636"
},
{
"name" : "30682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30682"
},
{
"name" : "opera-pageaddress-spoofing(43035)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 9.26 allows remote attackers to misrepresent web page addresses using \"certain characters\" that \"cause the page address text to be misplaced.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29684"
},
{
"name": "ADV-2008-1812",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1812"
},
{
"name": "opera-pageaddress-spoofing(43035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43035"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/950/#security",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/950/#security"
},
{
"name": "SUSE-SA:2008:029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/950/#security",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/950/#security"
},
{
"name": "http://www.opera.com/support/search/view/878/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/878/"
},
{
"name": "30682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30682"
},
{
"name": "30636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30636"
}
]
}
}


@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080729 rPSA-2008-0238-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441120",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441120"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2683",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2683"
},
{
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name" : "DSA-1614",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1614"
},
{
"name" : "DSA-1615",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1615"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "GLSA-200808-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name" : "MDVSA-2008:148",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name" : "RHSA-2008:0597",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name" : "RHSA-2008:0598",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name" : "SSA:2008-198-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "USN-623-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name" : "USN-626-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name" : "USN-626-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name" : "VU#130923",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/130923"
},
{
"name" : "30242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30242"
},
{
"name" : "oval:org.mitre.oval:def:11618",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618"
},
{
"name" : "1020500",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020500"
},
{
"name" : "31106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31106"
},
{
"name" : "31120",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31120"
},
{
"name" : "31121",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31121"
},
{
"name" : "31129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31129"
},
{
"name" : "31157",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31157"
},
{
"name" : "31145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31145"
},
{
"name" : "31176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31176"
},
{
"name" : "31183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31183"
},
{
"name" : "31270",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31270"
},
{
"name" : "31261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31261"
},
{
"name" : "31306",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31306"
},
{
"name" : "31377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31377"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name" : "firefox-commandline-uri-security-bypass(43832)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43832"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "RHSA-2008:0597",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
},
{
"name": "31270",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31270"
},
{
"name": "31121",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31121"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31145"
},
{
"name": "1020500",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020500"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "20080729 rPSA-2008-0238-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
},
{
"name": "USN-626-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-2"
},
{
"name": "RHSA-2008:0598",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
},
{
"name": "31157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31157"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "DSA-1614",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1614"
},
{
"name": "31183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31183"
},
{
"name": "31106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31106"
},
{
"name": "VU#130923",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/130923"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "https://issues.rpath.com/browse/RPL-2683",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2683"
},
{
"name": "31261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31261"
},
{
"name": "31120",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31120"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-35.html"
},
{
"name": "USN-623-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-623-1"
},
{
"name": "oval:org.mitre.oval:def:11618",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11618"
},
{
"name": "SSA:2008-198-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974"
},
{
"name": "DSA-1615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "31176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31176"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441120"
},
{
"name": "31129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31129"
},
{
"name": "30242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30242"
},
{
"name": "USN-626-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-626-1"
},
{
"name": "MDVSA-2008:148",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
},
{
"name": "31306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31306"
},
{
"name": "firefox-commandline-uri-security-bypass(43832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43832"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
}
]
}
}
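Review bot: The `ASSIGNER` value in `CVE_data_meta` differs between the two sides of this section: `cve@mitre.org` on the spaced-colon lines and `secalert@redhat.com` on the compact ones, while every other visible change here is colon spacing and a reordering of `reference_data`. Assuming the spaced-colon lines are the removed side, that is a change of record ownership riding in a formatting sync, and the commit message would be clearer if it said so, for example `CVE-2008-2933: ASSIGNER changed to secalert@redhat.com`. The reshuffled reference order also makes it hard to confirm by eye that no reference was added or dropped; comparing the two lists as sets of `url` values before accepting the sync would settle that.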


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via \"partial file list requests\" that trigger a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287"
},
{
"name" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date",
"refsource" : "CONFIRM",
"url" : "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date"
},
{
"name" : "FEDORA-2008-6018",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html"
},
{
"name" : "FEDORA-2008-6038",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html"
},
{
"name" : "29924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29924"
},
{
"name" : "1020407",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020407"
},
{
"name" : "1020408",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020408"
},
{
"name" : "30812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30812"
},
{
"name" : "30907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30907"
},
{
"name" : "30918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30918"
},
{
"name" : "dc-partialfilelist-dos(43341)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via \"partial file list requests\" that trigger a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29924"
},
{
"name": "1020407",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020407"
},
{
"name": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date",
"refsource": "CONFIRM",
"url": "http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date"
},
{
"name": "FEDORA-2008-6038",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html"
},
{
"name": "1020408",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020408"
},
{
"name": "30812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30812"
},
{
"name": "30907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30907"
},
{
"name": "30918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30918"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287"
},
{
"name": "FEDORA-2008-6018",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html"
},
{
"name": "dc-partialfilelist-dos(43341)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43341"
}
]
}
}
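Review bot: The `reference_data` array in this record comes back in a different order on the new side although the eleven entries are the same, so the diff reads as a content change when only the spacing before `:` and the ordering moved. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep future syncs reviewable and make an added or dropped reference stand out. The same reshuffle appears in the sections for CVE-2008-6550, CVE-2012-1611, CVE-2012-1645, CVE-2012-1733, CVE-2012-5383, CVE-2012-5849 and CVE-2012-5888.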


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28609.html",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/28609.html"
},
{
"name" : "28609",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28609"
},
{
"name" : "glossaire-glossaire-letter-xss(49772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28609"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/28609.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/28609.html"
},
{
"name": "glossaire-glossaire-letter-xss(49772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49772"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1092",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-1092",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
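Review bot: The new side of this record writes `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while the other records visible in this commit keep keys in alphabetical order. Key order carries no meaning in JSON, but the mixed layout hints that this file may have gone through a different serializer path, and it makes line-based comparison between records harder. Keeping one ordering, with `"CVE_data_meta"` first and `"ASSIGNER"`, `"ID"`, `"STATE"` inside it, would match the neighbouring record for CVE-2012-1101.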


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1101",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1101",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive \"administrative back end\" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/03/3"
},
{
"name" : "[oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/03/5"
},
{
"name" : "http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html"
},
{
"name" : "48683",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive \"administrative back end\" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/5"
},
{
"name": "[oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/03/3"
},
{
"name": "http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html"
},
{
"name": "48683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48683"
}
]
}
}
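Review bot: Besides the whitespace change, `ASSIGNER` moves from `cve@mitre.org` to `secalert@redhat.com` in this record, which is a real metadata change that the commit title does not mention. Anything downstream that attributes a record to its CNA by this field, or alerts on field changes, will see it. Whether the reassignment is intended cannot be told from this page, so it is worth stating in the commit description. The section for CVE-2012-1645 makes the same change, and the one for CVE-2012-1733 changes the value to `secalert_us@oracle.com`.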


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the \"Far Future expiration\" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "https://drupal.org/node/1441502",
"refsource" : "MISC",
"url" : "https://drupal.org/node/1441502"
},
{
"name" : "http://drupal.org/node/1441480",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1441480"
},
{
"name" : "http://drupal.org/node/1441482",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1441482"
},
{
"name" : "http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff"
},
{
"name" : "http://drupalcode.org/project/cdn.git/commitdiff/eca85e6",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/cdn.git/commitdiff/eca85e6"
},
{
"name" : "79317",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/79317"
},
{
"name" : "48032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the \"Far Future expiration\" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1441480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1441480"
},
{
"name": "http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff"
},
{
"name": "http://drupalcode.org/project/cdn.git/commitdiff/eca85e6",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/cdn.git/commitdiff/eca85e6"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "https://drupal.org/node/1441502",
"refsource": "MISC",
"url": "https://drupal.org/node/1441502"
},
{
"name": "79317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79317"
},
{
"name": "48032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48032"
},
{
"name": "http://drupal.org/node/1441482",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1441482"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54539"
},
{
"name" : "83968",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83968"
},
{
"name" : "1027265",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027265"
},
{
"name" : "49951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49951"
},
{
"name" : "peoplesoftenterprise-ptcm-info-disc(77029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77029"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83968",
"refsource": "OSVDB",
"url": "http://osvdb.org/83968"
},
{
"name": "peoplesoftenterprise-ptcm-info-disc(77029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77029"
},
{
"name": "49951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49951"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "54539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54539"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "1027265",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027265"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5383",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the \"C:\\MySQL\\MySQL Server 5.5\\bin\" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23108",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23108"
},
{
"name" : "86175",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86175"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\\ directory, might allow local users to gain privileges via a Trojan horse DLL in the \"C:\\MySQL\\MySQL Server 5.5\\bin\" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "86175",
"refsource": "OSVDB",
"url": "http://osvdb.org/86175"
},
{
"name": "https://www.htbridge.com/advisory/HTB23108",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23108"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121205 Multiple SQL Injection vulnerabilities in ClipBucket",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0056.html"
},
{
"name" : "20121207 Multiple SQL Injection vulnerabilities in ClipBucket",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0063.html"
},
{
"name" : "23252",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/23252"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23125",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23125"
},
{
"name" : "http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29",
"refsource" : "CONFIRM",
"url" : "http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29"
},
{
"name" : "http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/"
},
{
"name" : "56854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56854"
},
{
"name" : "88175",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88175"
},
{
"name" : "88176",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88176"
},
{
"name" : "88177",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88177"
},
{
"name" : "88178",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88178"
},
{
"name" : "88179",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88179"
},
{
"name" : "88180",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29",
"refsource": "CONFIRM",
"url": "http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29"
},
{
"name": "23252",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23252"
},
{
"name": "88175",
"refsource": "OSVDB",
"url": "http://osvdb.org/88175"
},
{
"name": "http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/"
},
{
"name": "88177",
"refsource": "OSVDB",
"url": "http://osvdb.org/88177"
},
{
"name": "56854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56854"
},
{
"name": "88179",
"refsource": "OSVDB",
"url": "http://osvdb.org/88179"
},
{
"name": "88180",
"refsource": "OSVDB",
"url": "http://osvdb.org/88180"
},
{
"name": "20121207 Multiple SQL Injection vulnerabilities in ClipBucket",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0063.html"
},
{
"name": "20121205 Multiple SQL Injection vulnerabilities in ClipBucket",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0056.html"
},
{
"name": "88178",
"refsource": "OSVDB",
"url": "http://osvdb.org/88178"
},
{
"name": "https://www.htbridge.com/advisory/HTB23125",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23125"
},
{
"name": "88176",
"refsource": "OSVDB",
"url": "http://osvdb.org/88176"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forge.typo3.org/issues/35532",
"refsource" : "MISC",
"url" : "http://forge.typo3.org/issues/35532"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
},
{
"name" : "52772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52772"
},
{
"name" : "typo3-seobasics-unspecified-xss(74483)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forge.typo3.org/issues/35532",
"refsource": "MISC",
"url": "http://forge.typo3.org/issues/35532"
},
{
"name": "typo3-seobasics-unspecified-xss(74483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74483"
},
{
"name": "52772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52772"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-006/"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-11047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in Display"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-11047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a graphics driver ioctl handler, the lack of copy_from_user() function calls may result in writes to kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in Display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OrientDB through 2.2.22 does not enforce privilege requirements during \"where\" or \"fetchplan\" or \"order by\" use, which allows remote attackers to execute arbitrary OS commands via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.heavensec.org/?p=1703",
"refsource" : "MISC",
"url" : "http://www.heavensec.org/?p=1703"
},
{
"name" : "https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017",
"refsource" : "MISC",
"url" : "https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OrientDB through 2.2.22 does not enforce privilege requirements during \"where\" or \"fetchplan\" or \"order by\" use, which allows remote attackers to execute arbitrary OS commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.heavensec.org/?p=1703",
"refsource": "MISC",
"url": "http://www.heavensec.org/?p=1703"
},
{
"name": "https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017",
"refsource": "MISC",
"url": "https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource" : "MISC",
"url" : "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource": "MISC",
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"name" : "97556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97556"
},
{
"name" : "1038228",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97556"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Digital Editions 4.5.4 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Digital Editions 4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Digital Editions 4.5.4 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Digital Editions 4.5.4 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html"
},
{
"name" : "99020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99020"
},
{
"name" : "1038658",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99020"
},
{
"name": "1038658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038658"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-20.html"
}
]
}
}


@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Email Center",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1"
},
{
"version_value" : "12.1.2"
},
{
"version_value" : "12.1.3"
},
{
"version_value" : "12.2.3"
},
{
"version_value" : "12.2.4"
},
{
"version_value" : "12.2.5"
},
{
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Email Center",
"version": {
"version_data": [
{
"version_value": "12.1.1"
},
{
"version_value": "12.1.2"
},
{
"version_value": "12.1.3"
},
{
"version_value": "12.2.3"
},
{
"version_value": "12.2.4"
},
{
"version_value": "12.2.5"
},
{
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95591"
},
{
"name" : "1037639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95591"
},
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Transportation Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "6.2"
},
{
"version_affected" : "=",
"version_value" : "6.3.0"
},
{
"version_affected" : "=",
"version_value" : "6.3.1"
},
{
"version_affected" : "=",
"version_value" : "6.3.2"
},
{
"version_affected" : "=",
"version_value" : "6.3.3"
},
{
"version_affected" : "=",
"version_value" : "6.3.4"
},
{
"version_affected" : "=",
"version_value" : "6.3.5"
},
{
"version_affected" : "=",
"version_value" : "6.3.6"
},
{
"version_affected" : "=",
"version_value" : "6.3.7"
},
{
"version_affected" : "=",
"version_value" : "6.4.0"
},
{
"version_affected" : "=",
"version_value" : "6.4.1"
},
{
"version_affected" : "=",
"version_value" : "6.4.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1 and 6.4.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Manager accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Manager accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Transportation Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.2"
},
{
"version_affected": "=",
"version_value": "6.3.0"
},
{
"version_affected": "=",
"version_value": "6.3.1"
},
{
"version_affected": "=",
"version_value": "6.3.2"
},
{
"version_affected": "=",
"version_value": "6.3.3"
},
{
"version_affected": "=",
"version_value": "6.3.4"
},
{
"version_affected": "=",
"version_value": "6.3.5"
},
{
"version_affected": "=",
"version_value": "6.3.6"
},
{
"version_affected": "=",
"version_value": "6.3.7"
},
{
"version_affected": "=",
"version_value": "6.4.0"
},
{
"version_affected": "=",
"version_value": "6.4.1"
},
{
"version_affected": "=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97723"
},
{
"name" : "1038303",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1 and 6.4.2. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Manager accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Transportation Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Transportation Manager accessible data as well as unauthorized access to critical data or complete access to all Oracle Transportation Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038303",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038303"
},
{
"name": "97723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97723"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XE 15.x",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS XE 15.x"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE 15.x",
"version": {
"version_data": [
{
"version_value": "Cisco IOS XE 15.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp"
},
{
"name" : "95934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95934"
},
{
"name" : "1037770",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp"
},
{
"name": "1037770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037770"
},
{
"name": "95934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95934"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3975",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3975",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7166",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7166",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://discourse.chef.io/t/chef-manage-2-4-5-security-release/10599",
"refsource" : "CONFIRM",
"url" : "https://discourse.chef.io/t/chef-manage-2-4-5-security-release/10599"
},
{
"name" : "97069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discourse.chef.io/t/chef-manage-2-4-5-security-release/10599",
"refsource": "CONFIRM",
"url": "https://discourse.chef.io/t/chef-manage-2-4-5-security-release/10599"
},
{
"name": "97069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97069"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jun/45",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/45"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Humax Digital HG100R 2.0.6 devices. To download the backup file it's not necessary to use credentials, and the router credentials are stored in plaintext inside the backup, aka GatewaySettings.bin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/45",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jun/45"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-8035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cloud Controller",
"version" : {
"version_data" : [
{
"version_value" : "Cloud Controller"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "API access to CC VM contents"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cloud Controller",
"version": {
"version_data": [
{
"version_value": "Cloud Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cloudfoundry.org/cve-2017-8035/",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/cve-2017-8035/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow them to gain access to files on the Cloud Controller VM for that installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "API access to CC VM contents"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/cve-2017-8035/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/cve-2017-8035/"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka \"Kerberos SNAME Security Feature Bypass Vulnerability\" or Orpheus' Lyre."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.orpheus-lyre.info/",
"refsource" : "MISC",
"url" : "https://www.orpheus-lyre.info/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495"
},
{
"name" : "99424",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99424"
},
{
"name" : "1038862",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka \"Kerberos SNAME Security Feature Bypass Vulnerability\" or Orpheus' Lyre."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.orpheus-lyre.info/",
"refsource": "MISC",
"url": "https://www.orpheus-lyre.info/"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8495"
},
{
"name": "99424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99424"
},
{
"name": "1038862",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038862"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 1607 and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8496."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 1607 and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497"
},
{
"name" : "98882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98882"
},
{
"name" : "1038661",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98882"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8497"
},
{
"name": "1038661",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038661"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Scripting Engine",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Scripting Engine",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674"
},
{
"name" : "100081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100081"
},
{
"name" : "1039095",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8674"
},
{
"name": "100081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100081"
},
{
"name": "1039095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039095"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"Stack Buffer Overrun\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"Stack Buffer Overrun\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8781"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180521 [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/05/21/2"
},
{
"name" : "https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/",
"refsource" : "MISC",
"url" : "https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/"
},
{
"name" : "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"
},
{
"name" : "https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39",
"refsource" : "CONFIRM",
"url" : "https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39",
"refsource": "CONFIRM",
"url": "https://github.com/Dolibarr/dolibarr/commit/5d121b2d3ae2a95abebc9dc31e4782cbc61a1f39"
},
{
"name": "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog"
},
{
"name": "https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2018-05-21-cve-2018-10092-dolibarr-admin-panel-authenticated-remote-code-execution-rce-vulnerability/"
},
{
"name": "[oss-security] 20180521 [CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/05/21/2"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10458",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10458",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10459",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10459",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10625",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10625",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10762",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-10762",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
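Review bot: The new side of this record orders its top-level keys `data_type`, `data_format`, `data_version`, `CVE_data_meta`, and puts `ID` before `ASSIGNER` inside `CVE_data_meta`, while the other records in this commit keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in sorted order. JSON key order carries no meaning, but inconsistent serialisation makes later diffs of this record noisy and makes real value changes harder to spot. Emitting every record through the same sorted-key serialiser would keep it in line with its neighbours, e.g. `"CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10762", "STATE": "REJECT" }` as the first member.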


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12146",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12146",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12736",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12736",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12953",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12953",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PhilCoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PhilCoin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for PhilCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PhilCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PhilCoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD",
"refsource" : "MISC",
"url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD",
"refsource": "MISC",
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/ASUS/ac5300_xss/ASUS%20GT-AC5300%20XSS.MD"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC",
"refsource" : "MISC",
"url" : "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC",
"refsource": "MISC",
"url": "https://github.com/himanshurahi/e107_2.1.9_CSRF_POC"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "68.0.3440.75"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "68.0.3440.75"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/874359",
"refsource" : "MISC",
"url" : "https://crbug.com/874359"
},
{
"name" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/874359",
"refsource": "MISC",
"url": "https://crbug.com/874359"
}
]
}
}
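Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `chrome-cve-admin@google.com` to `security@google.com` in this record, whereas nearly every other changed line in the commit is spacing or reference order, and the commit title does not mention it. Any consumer that groups, filters or trusts records by assigner address will see this record attributed to a different mailbox after the sync. The value change `"ASSIGNER": "security@google.com",` would be easier to audit in a commit separate from the bulk reformat, or at least named in the commit description. The two `reference_data` entries are also swapped, which presumably matters only to tooling that relies on array position.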


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1215/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1215/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of templates. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7170."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1215/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1215/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17993",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17993",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-9358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-06-01"
},
{
"name" : "104461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104461"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"name": "104461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104461"
}
]
}
}
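Review bot: The `ASSIGNER` of CVE-2018-9358 appears to change from `security@google.com` to `security@android.com` in this section, while every other line differs only in indentation and the `" : "` to `": "` separator. The +/- markers are lost on this page, so the old/new sides are inferred from the separator style. A provenance field changing inside a bulk reformat titled "-Synchronized-Data." is easy to miss, so the value change should land in its own commit or be named in the message, for example `CVE-2018-9358: ASSIGNER -> security@android.com`. Consumers that attribute or filter records by `ASSIGNER` should compare parsed values rather than text diffs when ingesting this sync.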