admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:45:36 +00:00
parent 77191301d1
commit 45e99b62eb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3815 additions and 3815 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

178
2003/0xxx/CVE-2003-0018.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0018", "ID": "CVE-2003-0018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ" "lang": "eng",
}, "value": "Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption."
{ }
"name" : "DSA-358", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2003/dsa-358" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-423", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-423" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2003:014", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014" ]
}, },
{ "references": {
"name" : "RHSA-2003:025", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html" "name": "DSA-423",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-423"
"name" : "6763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6763" "name": "RHSA-2003:025",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-025.html"
"name" : "linux-odirect-information-leak(11249)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11249.php" "name": "linux-odirect-information-leak(11249)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/11249.php"
} },
{
"name": "MDKSA-2003:014",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014"
},
{
"name": "6763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6763"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ"
},
{
"name": "DSA-358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-358"
}
]
}
} }

148
2003/1xxx/CVE-2003-1409.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1409", "ID": "CVE-2003-1409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html" "lang": "eng",
}, "value": "TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message."
{ }
"name" : "6768", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6768" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8008", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/8008" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "topo-path-disclosure(11248)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11248" ]
} },
] "references": {
} "reference_data": [
{
"name": "6768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6768"
},
{
"name": "topo-path-disclosure(11248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11248"
},
{
"name": "8008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8008"
},
{
"name": "20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html"
}
]
}
} }

138
2004/0xxx/CVE-2004-0192.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0192", "ID": "CVE-2004-0192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040227 Symantec Gateway Security Management Service Cross Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107790684732458&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page."
{ }
"name" : "9755", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9755" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "symantecgateway-error-xss(15330)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15330" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "9755",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9755"
},
{
"name": "symantecgateway-error-xss(15330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15330"
},
{
"name": "20040227 Symantec Gateway Security Management Service Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107790684732458&w=2"
}
]
}
} }

138
2004/0xxx/CVE-2004-0315.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0315", "ID": "CVE-2004-0315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040223 Remote Buffer Overflow in Avirt Voice 4.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107756584609841&w=2" "lang": "eng",
}, "value": "Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080."
{ }
"name" : "avirt-voice-get-bo(15288)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15288" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9721", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9721" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20040223 Remote Buffer Overflow in Avirt Voice 4.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107756584609841&w=2"
},
{
"name": "9721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9721"
},
{
"name": "avirt-voice-get-bo(15288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15288"
}
]
}
} }

158
2004/1xxx/CVE-2004-1739.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1739", "ID": "CVE-2004-1739",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040823 DoS in Bird Chat 1.61", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109327938924287&w=2" "lang": "eng",
}, "value": "Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users."
{ }
"name" : "http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11010", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11010" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12365", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12365" ]
}, },
{ "references": {
"name" : "bird-chat-dos(17080)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17080" "name": "11010",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11010"
} },
{
"name": "20040823 DoS in Bird Chat 1.61",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109327938924287&w=2"
},
{
"name": "12365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12365"
},
{
"name": "bird-chat-dos(17080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17080"
},
{
"name": "http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/BirdChat1.61-adv.txt"
}
]
}
} }

168
2004/2xxx/CVE-2004-2050.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2050", "ID": "CVE-2004-2050",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the \"maertsJ\" password, which is hard-coded into lshell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040724 eSeSIX Thintune thin client multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109068491801021&w=2" "lang": "eng",
}, "value": "eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the \"maertsJ\" password, which is hard-coded into lshell."
{ }
"name" : "10794", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10794" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8248", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8248" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1010770", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1010770" ]
}, },
{ "references": {
"name" : "12154", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12154" "name": "8248",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/8248"
"name" : "thintune-password-gain-privileges(16808)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16808" "name": "10794",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10794"
} },
{
"name": "12154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12154"
},
{
"name": "1010770",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010770"
},
{
"name": "20040724 eSeSIX Thintune thin client multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109068491801021&w=2"
},
{
"name": "thintune-password-gain-privileges(16808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16808"
}
]
}
} }

188
2004/2xxx/CVE-2004-2570.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2570", "ID": "CVE-2004-2570",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040805 Opera: Location, Location, Location", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html" "lang": "eng",
}, "value": "Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user."
{ }
"name" : "http://www.greymagic.com/security/advisories/gm008-op/", ]
"refsource" : "MISC", },
"url" : "http://www.greymagic.com/security/advisories/gm008-op/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/754/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/754/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200408-05", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml" ]
}, },
{ "references": {
"name" : "10873", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10873" "name": "http://www.greymagic.com/security/advisories/gm008-op/",
}, "refsource": "MISC",
{ "url": "http://www.greymagic.com/security/advisories/gm008-op/"
"name" : "8331", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/8331" "name": "12233",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12233"
"name" : "12233", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12233" "name": "opera-location-method-overwrite(16904)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16904"
"name" : "opera-location-method-overwrite(16904)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16904" "name": "http://www.opera.com/docs/changelogs/windows/754/",
} "refsource": "CONFIRM",
] "url": "http://www.opera.com/docs/changelogs/windows/754/"
} },
{
"name": "GLSA-200408-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml"
},
{
"name": "10873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10873"
},
{
"name": "8331",
"refsource": "OSVDB",
"url": "http://osvdb.org/8331"
},
{
"name": "20040805 Opera: Location, Location, Location",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html"
}
]
}
} }

168
2004/2xxx/CVE-2004-2687.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2687", "ID": "CVE-2004-2687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050310 XCode 1.5 and distcc 2.x Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html" "lang": "eng",
}, "value": "distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks."
{ }
"name" : "[distcc] 20040826 Exploit in distcc ( got compromised ;( )", ]
"refsource" : "MLIST", },
"url" : "http://lists.samba.org/archive/distcc/2004q3/002550.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[distcc] 20040826 Exploit in distcc ( got compromised ;( )", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.samba.org/archive/distcc/2004q3/002562.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec", ]
"refsource" : "MISC", }
"url" : "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec" ]
}, },
{ "references": {
"name" : "http://distcc.samba.org/security.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://distcc.samba.org/security.html" "name": "20050310 XCode 1.5 and distcc 2.x Exploit",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2005-03/0183.html"
"name" : "13378", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/13378" "name": "13378",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/13378"
} },
{
"name": "[distcc] 20040826 Exploit in distcc ( got compromised ;( )",
"refsource": "MLIST",
"url": "http://lists.samba.org/archive/distcc/2004q3/002562.html"
},
{
"name": "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec",
"refsource": "MISC",
"url": "http://www.metasploit.org/projects/Framework/exploits.html#distcc_exec"
},
{
"name": "http://distcc.samba.org/security.html",
"refsource": "CONFIRM",
"url": "http://distcc.samba.org/security.html"
},
{
"name": "[distcc] 20040826 Exploit in distcc ( got compromised ;( )",
"refsource": "MLIST",
"url": "http://lists.samba.org/archive/distcc/2004q3/002550.html"
}
]
}
} }

178
2008/2xxx/CVE-2008-2036.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2036", "ID": "CVE-2008-2036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080415 Koobi Pro 6.25 poll Remote SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490889/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action."
{ }
"name" : "5448", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5448" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28779", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28779" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1242", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1242/references" ]
}, },
{ "references": {
"name" : "29789", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29789" "name": "koobipro-pollid-sql-injection(41817)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41817"
"name" : "3843", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3843" "name": "ADV-2008-1242",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1242/references"
"name" : "koobipro-pollid-sql-injection(41817)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41817" "name": "28779",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/28779"
} },
{
"name": "20080415 Koobi Pro 6.25 poll Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490889/100/0/threaded"
},
{
"name": "3843",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3843"
},
{
"name": "29789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29789"
},
{
"name": "5448",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5448"
}
]
}
} }

178
2008/2xxx/CVE-2008-2331.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2331", "ID": "CVE-2008-2331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2008-09-15", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" "lang": "eng",
}, "value": "Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator."
{ }
"name" : "TA08-260A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31189", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31189" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2584", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2584" ]
}, },
{ "references": {
"name" : "1020875", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020875" "name": "31189",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31189"
"name" : "31882", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31882" "name": "APPLE-SA-2008-09-15",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
"name" : "macos-finder-weak-security(45165)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45165" "name": "TA08-260A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
} },
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1020875",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020875"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "macos-finder-weak-security(45165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45165"
}
]
}
} }

708
2008/2xxx/CVE-2008-2785.json
View File

@ -1,357 +1,357 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2785", "ID": "CVE-2008-2785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494504/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349."
{ }
"name" : "20080729 rPSA-2008-0238-1 firefox", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/494860/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30", "description": [
"refsource" : "MISC", {
"url" : "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/", ]
"refsource" : "MISC", }
"url" : "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/" ]
}, },
{ "references": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-044/", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-044/" "name": "31154",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31154"
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html" "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=440230", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=440230" "name": "oval:org.mitre.oval:def:9900",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238" "name": "DSA-1697",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1697"
"name" : "https://issues.rpath.com/browse/RPL-2683", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2683" "name": "RHSA-2008:0597",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0597.html"
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400", },
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5031400" "name": "31403",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31403"
"name" : "DSA-1614", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1614" "name": "31270",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31270"
"name" : "DSA-1615", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1615" "name": "SSA:2008-198-02",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767"
"name" : "DSA-1621", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1621" "name": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/",
}, "refsource": "MISC",
{ "url": "http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation/"
"name" : "DSA-1697", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1697" "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-044/"
"name" : "FEDORA-2008-6517", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html" "name": "31121",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31121"
"name" : "FEDORA-2008-6519", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html" "name": "FEDORA-2008-6517",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00667.html"
"name" : "FEDORA-2008-6706", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=440230"
"name" : "FEDORA-2008-6737", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" "name": "ADV-2009-0977",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0977"
"name" : "GLSA-200808-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" "name": "31145",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31145"
"name" : "MDVSA-2008:148", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148" "name": "31122",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31122"
"name" : "MDVSA-2008:155", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" "name": "31377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31377"
"name" : "RHSA-2008:0597", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0597.html" "name": "RHSA-2008:0616",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
"name" : "RHSA-2008:0598", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0598.html" "name": "29802",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29802"
"name" : "RHSA-2008:0599", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0599.html" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0238"
"name" : "RHSA-2008:0616", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" "name": "MDVSA-2008:155",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
"name" : "SSA:2008-198-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974" "name": "GLSA-200808-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
"name" : "SSA:2008-198-02", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380767" "name": "20080729 rPSA-2008-0238-1 firefox",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/494860/100/0/threaded"
"name" : "SSA:2008-210-05", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" "name": "USN-626-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-626-2"
"name" : "256408", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" "name": "RHSA-2008:0598",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0598.html"
"name" : "USN-623-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-623-1" "name": "31157",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31157"
"name" : "USN-629-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-629-1" "name": "33433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33433"
"name" : "USN-626-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-626-1" "name": "DSA-1614",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1614"
"name" : "USN-626-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-626-2" "name": "31253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31253"
"name" : "29802", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29802" "name": "FEDORA-2008-6737",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
"name" : "oval:org.mitre.oval:def:9900", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9900" "name": "31183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31183"
"name" : "34501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34501" "name": "USN-629-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-629-1"
"name" : "ADV-2008-1873", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1873" "name": "RHSA-2008:0599",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0599.html"
"name" : "1020336", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020336" "name": "256408",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
"name" : "30761", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30761" "name": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30",
}, "refsource": "MISC",
{ "url": "http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30"
"name" : "31122", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31122" "name": "https://issues.rpath.com/browse/RPL-2683",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2683"
"name" : "31121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31121" "name": "31261",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31261"
"name" : "31129", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31129" "name": "31144",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31144"
"name" : "31157", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31157" "name": "30761",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30761"
"name" : "31144", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31144" "name": "SSA:2008-210-05",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"
"name" : "31145", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31145" "name": "USN-623-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-623-1"
"name" : "31154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31154" "name": "SSA:2008-198-01",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.380974"
"name" : "31176", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31176" "name": "DSA-1615",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1615"
"name" : "31183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31183" "name": "31176",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31176"
"name" : "31195", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31195" "name": "20080717 ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/494504/100/0/threaded"
"name" : "31220", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31220" "name": "FEDORA-2008-6706",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
"name" : "31270", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31270" "name": "FEDORA-2008-6519",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00672.html"
"name" : "31261", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31261" "name": "31220",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31220"
"name" : "31253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31253" "name": "31195",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31195"
"name" : "31306", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31306" "name": "31129",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31129"
"name" : "31377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31377" "name": "1020336",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020336"
"name" : "31286", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31286" "name": "firefox-unspecified-code-execution(43167)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43167"
"name" : "31403", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31403" "name": "USN-626-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-626-1"
"name" : "33433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33433" "name": "MDVSA-2008:148",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:148"
"name" : "ADV-2009-0977", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0977" "name": "DSA-1621",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1621"
"name" : "firefox-unspecified-code-execution(43167)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43167" "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-34.html"
} },
{
"name": "31306",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31306"
},
{
"name": "31286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31286"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "ADV-2008-1873",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1873"
}
]
}
} }

138
2008/2xxx/CVE-2008-2854.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2854", "ID": "CVE-2008-2854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5864", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5864" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php."
{ }
"name" : "29820", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29820" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "orlando-init-newscat-file-include(43181)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43181" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "29820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29820"
},
{
"name": "orlando-init-newscat-file-include(43181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43181"
},
{
"name": "5864",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5864"
}
]
}
} }

158
2008/2xxx/CVE-2008-2869.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2869", "ID": "CVE-2008-2869",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5930", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5930" "lang": "eng",
}, "value": "SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter."
{ }
"name" : "29923", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29923" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1921", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1921/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30798", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30798" ]
}, },
{ "references": {
"name" : "linkads1-out-sql-injection(43343)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43343" "name": "30798",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30798"
} },
{
"name": "ADV-2008-1921",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1921/references"
},
{
"name": "linkads1-out-sql-injection(43343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43343"
},
{
"name": "5930",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5930"
},
{
"name": "29923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29923"
}
]
}
} }

148
2008/2xxx/CVE-2008-2996.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2996", "ID": "CVE-2008-2996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5791", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5791" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action."
{ }
"name" : "29685", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29685" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3970", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3970" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "gbx-index-sql-injection(43022)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43022" ]
} },
] "references": {
} "reference_data": [
{
"name": "gbx-index-sql-injection(43022)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43022"
},
{
"name": "29685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29685"
},
{
"name": "5791",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5791"
},
{
"name": "3970",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3970"
}
]
}
} }

138
2008/6xxx/CVE-2008-6190.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6190", "ID": "CVE-2008-6190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0810-exploits/eebcms-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0810-exploits/eebcms-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter."
{ }
"name" : "31732", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31732" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "eebcms-index-xss(45828)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45828" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "31732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31732"
},
{
"name": "eebcms-index-xss(45828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45828"
},
{
"name": "http://packetstormsecurity.org/0810-exploits/eebcms-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0810-exploits/eebcms-xss.txt"
}
]
}
} }

158
2008/6xxx/CVE-2008-6233.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6233", "ID": "CVE-2008-6233",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7007", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7007" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter."
{ }
"name" : "32137", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32137" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-3025", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3025" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32579", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32579" ]
}, },
{ "references": {
"name" : "drinks-recid-sql-injection(46379)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46379" "name": "32579",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32579"
} },
{
"name": "ADV-2008-3025",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3025"
},
{
"name": "32137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32137"
},
{
"name": "drinks-recid-sql-injection(46379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46379"
},
{
"name": "7007",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7007"
}
]
}
} }

158
2008/6xxx/CVE-2008-6782.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6782", "ID": "CVE-2008-6782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6905", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6905" "lang": "eng",
}, "value": "SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Hosting Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action."
{ }
"name" : "32021", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32021" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49551", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/49551" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32558", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32558" ]
}, },
{ "references": {
"name" : "sfs-directoryphp-sql-injection(46251)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46251" "name": "6905",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6905"
} },
{
"name": "32021",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32021"
},
{
"name": "32558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32558"
},
{
"name": "49551",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/49551"
},
{
"name": "sfs-directoryphp-sql-injection(46251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46251"
}
]
}
} }

168
2008/6xxx/CVE-2008-6992.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6992", "ID": "CVE-2008-6992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as \"x=y=z\", which is successfully parsed by MySQL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.mysql.com/bug.php?id=39337", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.mysql.com/bug.php?id=39337" "lang": "eng",
}, "value": "GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as \"x=y=z\", which is successfully parsed by MySQL."
{ }
"name" : "http://sla.ckers.org/forum/read.php?16,24367", ]
"refsource" : "MISC", },
"url" : "http://sla.ckers.org/forum/read.php?16,24367" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.greensql.net/node/89", "description": [
"refsource" : "MISC", {
"url" : "http://www.greensql.net/node/89" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.greensql.net/node/98", ]
"refsource" : "MISC", }
"url" : "http://www.greensql.net/node/98" ]
}, },
{ "references": {
"name" : "http://www.greensql.net/security", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.greensql.net/security" "name": "http://sla.ckers.org/forum/read.php?16,24367",
}, "refsource": "MISC",
{ "url": "http://sla.ckers.org/forum/read.php?16,24367"
"name" : "48910", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/48910" "name": "http://www.greensql.net/security",
} "refsource": "CONFIRM",
] "url": "http://www.greensql.net/security"
} },
{
"name": "http://bugs.mysql.com/bug.php?id=39337",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=39337"
},
{
"name": "48910",
"refsource": "OSVDB",
"url": "http://osvdb.org/48910"
},
{
"name": "http://www.greensql.net/node/89",
"refsource": "MISC",
"url": "http://www.greensql.net/node/89"
},
{
"name": "http://www.greensql.net/node/98",
"refsource": "MISC",
"url": "http://www.greensql.net/node/98"
}
]
}
} }

32
2012/1xxx/CVE-2012-1373.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1373", "ID": "CVE-2012-1373",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2012/1xxx/CVE-2012-1525.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1525", "ID": "CVE-2012-1525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "GLSA-201308-03", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16422", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16422" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16422",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16422"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
} }

138
2012/1xxx/CVE-2012-1881.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1881", "ID": "CVE-2012-1881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnRowsInserted Event Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnRowsInserted Event Remote Code Execution Vulnerability.\""
{ }
"name" : "TA12-164A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15378", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15378" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "MS12-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name": "oval:org.mitre.oval:def:15378",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15378"
}
]
}
} }

118
2012/5xxx/CVE-2012-5158.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5158", "ID": "CVE-2012-5158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://puppetlabs.com/security/cve/cve-2012-5158", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://puppetlabs.com/security/cve/cve-2012-5158" "lang": "eng",
} "value": "Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://puppetlabs.com/security/cve/cve-2012-5158",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-5158"
}
]
}
} }

138
2012/5xxx/CVE-2012-5272.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5272", "ID": "CVE-2012-5272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22."
{ }
"name" : "openSUSE-SU-2013:0370", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86049", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86049" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0370",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
},
{
"name": "86049",
"refsource": "OSVDB",
"url": "http://osvdb.org/86049"
}
]
}
} }

128
2017/11xxx/CVE-2017-11171.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11171", "ID": "CVE-2017-11171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1025068", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1025068" "lang": "eng",
}, "value": "Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible."
{ }
"name" : "https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1025068",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1025068"
},
{
"name": "https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d",
"refsource": "CONFIRM",
"url": "https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d"
}
]
}
} }

158
2017/11xxx/CVE-2017-11228.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11228", "ID": "CVE-2017-11228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat Reader", "product_name": "Acrobat Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2017.009.20058 and earlier" "version_value": "2017.009.20058 and earlier"
}, },
{ {
"version_value" : "2017.008.30051 and earlier" "version_value": "2017.008.30051 and earlier"
}, },
{ {
"version_value" : "2015.006.30306 and earlier" "version_value": "2015.006.30306 and earlier"
}, },
{ {
"version_value" : "11.0.20 and earlier" "version_value": "11.0.20 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100179", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100179" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039098", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039098" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"name": "100179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100179"
}
]
}
} }

118
2017/11xxx/CVE-2017-11347.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11347", "ID": "CVE-2017-11347",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/imp0wd3r/MetInfo_Vuln/blob/master/README.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/imp0wd3r/MetInfo_Vuln/blob/master/README.md" "lang": "eng",
} "value": "Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/imp0wd3r/MetInfo_Vuln/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/imp0wd3r/MetInfo_Vuln/blob/master/README.md"
}
]
}
} }

128
2017/11xxx/CVE-2017-11548.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11548", "ID": "CVE-2017-11548",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42400", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42400/" "lang": "eng",
}, "value": "The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file."
{ }
"name" : "http://seclists.org/fulldisclosure/2017/Jul/84", ]
"refsource" : "MISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Jul/84" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/84",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/84"
},
{
"name": "42400",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42400/"
}
]
}
} }

32
2017/11xxx/CVE-2017-11945.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11945", "ID": "CVE-2017-11945",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2017/15xxx/CVE-2017-15024.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15024", "ID": "CVE-2017-15024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/" "lang": "eng",
}, "value": "find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file."
{ }
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22187", ]
"refsource" : "MISC", },
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22187" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2", "description": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22187"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2"
}
]
}
} }

126
2017/15xxx/CVE-2017-15697.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-01-12T00:00:00", "DATE_PUBLIC": "2018-01-12T00:00:00",
"ID" : "CVE-2017-15697", "ID": "CVE-2017-15697",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache NiFi", "product_name": "Apache NiFi",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0 - 1.4.0" "version_value": "1.0.0 - 1.4.0"
}, },
{ {
"version_value" : "0.1.0 - 0.7.x" "version_value": "0.1.0 - 0.7.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nifi.apache.org/security.html#CVE-2017-15697", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://nifi.apache.org/security.html#CVE-2017-15697" "lang": "eng",
} "value": "A malicious X-ProxyContextPath or X-Forwarded-Context header containing external resources or embedded code could cause remote code execution. The fix to properly handle these headers was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nifi.apache.org/security.html#CVE-2017-15697",
"refsource": "CONFIRM",
"url": "https://nifi.apache.org/security.html#CVE-2017-15697"
}
]
}
} }

172
2017/3xxx/CVE-2017-3494.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3494", "ID": "CVE-2017-3494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Universal Banking", "product_name": "FLEXCUBE Universal Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.3.0" "version_value": "11.3.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.4.0" "version_value": "11.4.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.1" "version_value": "12.0.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.2" "version_value": "12.0.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.3" "version_value": "12.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Retail Teller). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2 and 12.0.3. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
{ }
"name" : "97843", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97843" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038304", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038304" "lang": "eng",
} "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97843"
}
]
}
} }

178
2017/3xxx/CVE-2017-3599.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3599", "ID": "CVE-2017-3599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41954", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41954/" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet."
{ }
"name" : "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/", ]
"refsource" : "MISC", },
"url" : "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2017:2886", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:2886" ]
}, },
{ "references": {
"name" : "RHSA-2017:2787", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2787" "name": "RHSA-2017:2787",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2787"
"name" : "97754", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97754" "name": "1038287",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038287"
"name" : "1038287", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038287" "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
} },
{
"name": "41954",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41954/"
},
{
"name": "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/",
"refsource": "MISC",
"url": "https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "97754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97754"
}
]
}
} }

32
2017/3xxx/CVE-2017-3781.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3781", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3781",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

140
2017/7xxx/CVE-2017-7677.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-7677", "ID": "CVE-2017-7677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Ranger", "product_name": "Apache Ranger",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.5.x" "version_value": "0.5.x"
}, },
{ {
"version_value" : "0.6.x" "version_value": "0.6.x"
}, },
{ {
"version_value" : "0.7.0" "version_value": "0.7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authorization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger" "lang": "eng",
}, "value": "In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table."
{ }
"name" : "98961", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98961" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98961"
},
{
"name": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger",
"refsource": "CONFIRM",
"url": "https://cwiki.apache.org/confluence/display/RANGER/Vulnerabilities+found+in+Ranger"
}
]
}
} }

118
2017/8xxx/CVE-2017-8077.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8077", "ID": "CVE-2017-8077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/", "description_data": [
"refsource" : "MISC", {
"url" : "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/" "lang": "eng",
} "value": "On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a long string beginning with Ei2HNryt). This affects the 1.1.2 Build 20141017 Rel.50749 firmware."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/",
"refsource": "MISC",
"url": "https://chmod750.com/2017/04/23/vulnerability-disclosure-tp-link/"
}
]
}
} }

148
2017/8xxx/CVE-2017-8312.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"ID" : "CVE-2017-8312", "ID": "CVE-2017-8312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VLC", "product_name": "VLC",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VideoLAN" "vendor_name": "VideoLAN"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9" "lang": "eng",
}, "value": "Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a crafted subtitles file."
{ }
"name" : "DSA-3899", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3899" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201707-10", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201707-10" "lang": "eng",
}, "value": "Allows attacker to read heap uninitialized data (potentially beyond allocated data - depends on heap implementation)."
{ }
"name" : "98631", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/98631" ]
} },
] "references": {
} "reference_data": [
{
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98631"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=blobdiff;f=modules/demux/subtitle.c;h=5e4fcdb7f25b2819f5441156c7c0ea2a7d112ca3;hp=2a75fbfb7c3f56b24b2e4498bbb8fe0aa2575974;hb=611398fc8d32f3fe4331f60b220c52ba3557beaa;hpb=075bc7169b05b004fa0250e4a4ce5516b05487a9"
}
]
}
} }

140
2017/8xxx/CVE-2017-8584.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8584", "ID": "CVE-2017-8584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 10 1607 and Windows Server 2016", "product_name": "Windows 10 1607 and Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows" "version_value": "Microsoft Windows"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka \"HoloLens Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8584", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8584" "lang": "eng",
}, "value": "Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka \"HoloLens Remote Code Execution Vulnerability.\""
{ }
"name" : "99434", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99434" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038865", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038865" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "99434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99434"
},
{
"name": "1038865",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038865"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8584",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8584"
}
]
}
} }

138
2017/8xxx/CVE-2017-8819.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-8819", "ID": "CVE-2017-8819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9", "product_name": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9" "version_value": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "broken protection mechanism"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" "lang": "eng",
}, "value": "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue."
{ }
"name" : "https://bugs.torproject.org/24244", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.torproject.org/24244" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4054", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4054" "lang": "eng",
} "value": "broken protection mechanism"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516",
"refsource": "CONFIRM",
"url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516"
},
{
"name": "https://bugs.torproject.org/24244",
"refsource": "CONFIRM",
"url": "https://bugs.torproject.org/24244"
},
{
"name": "DSA-4054",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4054"
}
]
}
} }

168
2018/10xxx/CVE-2018-10428.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10428", "ID": "CVE-2018-10428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180518 [SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/542025/100/0/threaded" "lang": "eng",
}, "value": "ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting."
{ }
"name" : "http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt", "description": [
"refsource" : "MISC", {
"url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI", ]
"refsource" : "CONFIRM", }
"url" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI" ]
}, },
{ "references": {
"name" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI" "name": "20180518 [SYSS-2018-007] ILIAS e-Learning - Reflected Cross-Site-Scripting",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/542025/100/0/threaded"
"name" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI", },
"refsource" : "CONFIRM", {
"url" : "https://www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI" "name": "http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html"
} },
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt"
},
{
"name": "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI",
"refsource": "CONFIRM",
"url": "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116805&obj_id=116799&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"
},
{
"name": "https://www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI",
"refsource": "CONFIRM",
"url": "https://www.ilias.de/docu/ilias.php?ref_id=1719&obj_id=116792&from_page=116805&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"
},
{
"name": "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI",
"refsource": "CONFIRM",
"url": "https://www.ilias.de/docu/ilias.php?ref_id=1719&from_page=116793&obj_id=116793&cmd=layout&cmdClass=illmpresentationgui&cmdNode=wc&baseClass=ilLMPresentationGUI"
}
]
}
} }

128
2018/10xxx/CVE-2018-10506.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2018-10506", "ID": "CVE-2018-10506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro OfficeScan", "product_name": "Trend Micro OfficeScan",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.0 SP1, XG" "version_value": "11.0 SP1, XG"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-Bounds Read Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-566/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-566/" "lang": "eng",
}, "value": "A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
{ }
"name" : "https://success.trendmicro.com/solution/1119961", ]
"refsource" : "CONFIRM", },
"url" : "https://success.trendmicro.com/solution/1119961" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Out-of-Bounds Read Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/1119961",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119961"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-566/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-566/"
}
]
}
} }

32
2018/10xxx/CVE-2018-10833.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10833", "ID": "CVE-2018-10833",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/12xxx/CVE-2018-12131.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2018-10-09T00:00:00", "DATE_PUBLIC": "2018-10-09T00:00:00",
"ID" : "CVE-2018-12131", "ID": "CVE-2018-12131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel NVMe and Intel RSTe", "product_name": "Intel NVMe and Intel RSTe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Various" "version_value": "Various"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html" "lang": "eng",
} "value": "Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00154.html"
}
]
}
} }

118
2018/12xxx/CVE-2018-12580.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12580", "ID": "CVE-2018-12580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the \"Login Sessions\" feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.dragonbyte-tech.com/threads/security-bulletin-low-vbsecurity-for-vbulletin-3-vbulletin-4-partial-xss.22534/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.dragonbyte-tech.com/threads/security-bulletin-low-vbsecurity-for-vbulletin-3-vbulletin-4-partial-xss.22534/" "lang": "eng",
} "value": "library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the \"Login Sessions\" feature."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dragonbyte-tech.com/threads/security-bulletin-low-vbsecurity-for-vbulletin-3-vbulletin-4-partial-xss.22534/",
"refsource": "MISC",
"url": "https://www.dragonbyte-tech.com/threads/security-bulletin-low-vbsecurity-for-vbulletin-3-vbulletin-4-partial-xss.22534/"
}
]
}
} }

118
2018/12xxx/CVE-2018-12659.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12659", "ID": "CVE-2018-12659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/slims/slims8_akasia/issues/103", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/slims/slims8_akasia/issues/103" "lang": "eng",
} "value": "SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/slims/slims8_akasia/issues/103",
"refsource": "MISC",
"url": "https://github.com/slims/slims8_akasia/issues/103"
}
]
}
} }

32
2018/12xxx/CVE-2018-12690.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12690", "ID": "CVE-2018-12690",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/13xxx/CVE-2018-13432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13432", "ID": "CVE-2018-13432",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/13xxx/CVE-2018-13650.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13650", "ID": "CVE-2018-13650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for BitmaxerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitmaxerToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitmaxerToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitmaxerToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitmaxerToken"
}
]
}
} }

128
2018/13xxx/CVE-2018-13680.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13680", "ID": "CVE-2018-13680",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for LexitToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LexitToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LexitToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LexitToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/LexitToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13744.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13744", "ID": "CVE-2018-13744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Crowdnext"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

32
2018/13xxx/CVE-2018-13883.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13883", "ID": "CVE-2018-13883",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/13xxx/CVE-2018-13956.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13956", "ID": "CVE-2018-13956",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/16xxx/CVE-2018-16602.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16602", "ID": "CVE-2018-16602",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" "lang": "eng",
}, "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure."
{ }
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", ]
"refsource" : "MISC", },
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
}
]
}
} }

118
2018/17xxx/CVE-2018-17067.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17067", "ID": "CVE-2018-17067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0" "lang": "eng",
} "value": "An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0",
"refsource": "MISC",
"url": "https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/stack_overflow_0"
}
]
}
} }

32
2018/17xxx/CVE-2018-17395.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17395", "ID": "CVE-2018-17395",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/17xxx/CVE-2018-17754.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17754", "ID": "CVE-2018-17754",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/17xxx/CVE-2018-17923.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-23T00:00:00", "DATE_PUBLIC": "2018-10-23T00:00:00",
"ID" : "CVE-2018-17923", "ID": "CVE-2018-17923",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SAGA1-L8B", "product_name": "SAGA1-L8B",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All firmware versions prior to A0.10" "version_value": "All firmware versions prior to A0.10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GAIN Electronic Co. Ltd" "vendor_name": "GAIN Electronic Co. Ltd"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER AUTHENTICATION CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02" "lang": "eng",
}, "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
{ }
"name" : "105729", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105729" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
},
{
"name": "105729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105729"
}
]
}
} }