admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:07:36 +00:00
parent 068a3da734
commit 4976a27b84
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4268 additions and 4268 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2004/0xxx/CVE-2004-0622.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0622",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0622",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory."
"lang": "eng",
"value": "Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040625 Mac OS X stores login/Keychain/FileVault passwords on disk",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108819559925981&w=2"
"name": "20040625 Mac OS X stores login/Keychain/FileVault passwords on disk",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108819559925981&w=2"
},
{
"name" : "20080228 Loginwindow.app and Mac OS X",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488930/100/100/threaded"
"name": "20080228 Loginwindow.app and Mac OS X",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488930/100/100/threaded"
},
{
"name" : "20080229 Re: Loginwindow.app and Mac OS X",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488948/100/100/threaded"
"name": "macos-memory-view-passwords(16557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16557"
},
{
"name" : "http://citp.princeton.edu/pub/coldboot.pdf",
"refsource" : "MISC",
"url" : "http://citp.princeton.edu/pub/coldboot.pdf"
"name": "20080229 Re: Loginwindow.app and Mac OS X",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488948/100/100/threaded"
},
{
"name" : "macos-memory-view-passwords(16557)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16557"
"name": "http://citp.princeton.edu/pub/coldboot.pdf",
"refsource": "MISC",
"url": "http://citp.princeton.edu/pub/coldboot.pdf"
}
]
}

80
2004/0xxx/CVE-2004-0936.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0936",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0936",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system."
"lang": "eng",
"value": "RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true"
"name": "antivirus-zip-protection-bypass(17761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"
},
{
"name" : "VU#968818",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/968818"
"name": "VU#968818",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/968818"
},
{
"name" : "11448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11448"
"name": "11448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11448"
},
{
"name" : "antivirus-zip-protection-bypass(17761)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17761"
"name": "20041018 Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=153&type=vulnerabilities&flashstatus=true"
}
]
}

62
2004/0xxx/CVE-2004-0984.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0984",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0984",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
"lang": "eng",
"value": "Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog",
"refsource" : "CONFIRM",
"url" : "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
"name": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/m/mailutils/mailutils_0.6-2/changelog"
}
]
}

22
2004/0xxx/CVE-2004-0995.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0995",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0995",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}

86
2004/1xxx/CVE-2004-1085.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1085",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1085",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode."
"lang": "eng",
"value": "Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "APPLE-SA-2004-12-02",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
"name": "11802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11802"
},
{
"name" : "P-049",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml"
"name": "13362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13362/"
},
{
"name" : "11802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11802"
"name": "APPLE-SA-2004-12-02",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name" : "13362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13362/"
"name": "macos-hitoolbox-kiosk-dos(18352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18352"
},
{
"name" : "macos-hitoolbox-kiosk-dos(18352)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18352"
"name": "P-049",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
}
]
}

80
2004/1xxx/CVE-2004-1575.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1575",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1575",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
"lang": "eng",
"value": "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109674050017645&w=2"
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109674050017645&w=2"
},
{
"name" : "11312",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11312"
"name": "12715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12715"
},
{
"name" : "12715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12715"
"name": "xercescplusplus-xml-parser-dos(17575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name" : "xercescplusplus-xml-parser-dos(17575)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
"name": "11312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11312"
}
]
}

98
2004/1xxx/CVE-2004-1721.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1721",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1721",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000."
"lang": "eng",
"value": "The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040817 Vulnerabilities in Merak Webmail Server",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109279057326044&w=2"
"name": "http://packetstormsecurity.nl/0408-exploits/merak527.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0408-exploits/merak527.txt"
},
{
"name" : "http://packetstormsecurity.nl/0408-exploits/merak527.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.nl/0408-exploits/merak527.txt"
"name": "9045",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9045"
},
{
"name" : "10966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10966"
"name": "10966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10966"
},
{
"name" : "9045",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9045"
"name": "1010969",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010969"
},
{
"name" : "1010969",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010969"
"name": "20040817 Vulnerabilities in Merak Webmail Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109279057326044&w=2"
},
{
"name" : "12269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12269"
"name": "merak-view-php-files(17029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17029"
},
{
"name" : "merak-view-php-files(17029)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17029"
"name": "12269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12269"
}
]
}

110
2004/1xxx/CVE-2004-1811.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1811",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1811",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates."
"lang": "eng",
"value": "The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040314 Multiple Immunity Advisories",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107936784030214&w=2"
"name": "20040314 Multiple Immunity Advisories",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107936784030214&w=2"
},
{
"name" : "http://www.immunitysec.com/downloads/hp_http.sxw.pdf",
"refsource" : "MISC",
"url" : "http://www.immunitysec.com/downloads/hp_http.sxw.pdf"
"name": "9859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9859"
},
{
"name" : "20040315 Immunity Advisory: Compaq Web Management vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0057.html"
"name": "hp-http-certificate-upload(15466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15466"
},
{
"name" : "SSRT4679",
"refsource" : "COMPAQ",
"url" : "http://www.securityfocus.com/advisories/6448"
"name": "11126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11126"
},
{
"name" : "HPSBMA01003",
"refsource" : "HP",
"url" : "http://www.tru64.org/stories.php?story=04/03/12/0204078"
"name": "SSRT4679",
"refsource": "COMPAQ",
"url": "http://www.securityfocus.com/advisories/6448"
},
{
"name" : "O-100",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-100.shtml"
"name": "http://www.immunitysec.com/downloads/hp_http.sxw.pdf",
"refsource": "MISC",
"url": "http://www.immunitysec.com/downloads/hp_http.sxw.pdf"
},
{
"name" : "9859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9859"
"name": "HPSBMA01003",
"refsource": "HP",
"url": "http://www.tru64.org/stories.php?story=04/03/12/0204078"
},
{
"name" : "11126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11126"
"name": "20040315 Immunity Advisory: Compaq Web Management vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0057.html"
},
{
"name" : "hp-http-certificate-upload(15466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15466"
"name": "O-100",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-100.shtml"
}
]
}

98
2004/1xxx/CVE-2004-1838.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1838",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1838",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL."
"lang": "eng",
"value": "Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040322 directory traversal in xweb 1.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107997946623770&w=2"
"name": "20040322 directory traversal in xweb 1.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107997946623770&w=2"
},
{
"name" : "http://www.autistici.org/fdonato/advisory/xweb1.0-adv.txt",
"refsource" : "MISC",
"url" : "http://www.autistici.org/fdonato/advisory/xweb1.0-adv.txt"
"name": "http://www.autistici.org/fdonato/advisory/xweb1.0-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/xweb1.0-adv.txt"
},
{
"name" : "9937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9937"
"name": "4460",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4460"
},
{
"name" : "4460",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4460"
"name": "11186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11186"
},
{
"name" : "1009514",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009514"
"name": "9937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9937"
},
{
"name" : "11186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11186"
"name": "1009514",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009514"
},
{
"name" : "xweb-dotdot-directory-traversal(15567)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15567"
"name": "xweb-dotdot-directory-traversal(15567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15567"
}
]
}

110
2004/2xxx/CVE-2004-2042.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2042",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2042",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108588043007224&w=2"
"name": "6532",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6532"
},
{
"name" : "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"
"name": "6531",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6531"
},
{
"name" : "http://www.waraxe.us/index.php?modname=sa&id=31",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/index.php?modname=sa&id=31"
"name": "http://www.waraxe.us/index.php?modname=sa&id=31",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=31"
},
{
"name" : "10436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10436"
"name": "10436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10436"
},
{
"name" : "6531",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6531"
"name": "e107-content-news-sql-injection(16283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"
},
{
"name" : "6532",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6532"
"name": "11740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11740"
},
{
"name" : "6533",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6533"
"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108588043007224&w=2"
},
{
"name" : "11740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11740"
"name": "20040529 [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615]",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=108586723116427&w=2"
},
{
"name" : "e107-content-news-sql-injection(16283)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16283"
"name": "6533",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6533"
}
]
}

86
2004/2xxx/CVE-2004-2409.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2409",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2409",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode (\"-t update\"), might allow attackers to execute arbitrary code."
"lang": "eng",
"value": "Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode (\"-t update\"), might allow attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "11635",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11635"
"name": "1012142",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012142"
},
{
"name" : "11525",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11525"
"name": "samhain-update-bo(18000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18000"
},
{
"name" : "1012142",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012142"
"name": "13130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13130"
},
{
"name" : "13130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13130"
"name": "11635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11635"
},
{
"name" : "samhain-update-bo(18000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18000"
"name": "11525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11525"
}
]
}

80
2004/2xxx/CVE-2004-2578.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2578",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2578",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
"lang": "eng",
"value": "phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/",
"refsource" : "CONFIRM",
"url" : "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
"name": "10895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10895"
},
{
"name" : "10895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10895"
"name": "8354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8354"
},
{
"name" : "8354",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8354"
"name": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/",
"refsource": "CONFIRM",
"url": "http://web.archive.org/web/20040920024328/http://www.phpgroupware.org/"
},
{
"name" : "phpgroupware-plaintext-password(16970)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
"name": "phpgroupware-plaintext-password(16970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16970"
}
]
}

68
2004/2xxx/CVE-2004-2681.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2681",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2681",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session."
"lang": "eng",
"value": "PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.matrixssl.org/archives/000076.html",
"refsource" : "CONFIRM",
"url" : "http://www.matrixssl.org/archives/000076.html"
"name": "matrixssl-sessionkey-session-hijacking(40483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40483"
},
{
"name" : "matrixssl-sessionkey-session-hijacking(40483)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40483"
"name": "http://www.matrixssl.org/archives/000076.html",
"refsource": "CONFIRM",
"url": "http://www.matrixssl.org/archives/000076.html"
}
]
}

86
2008/2xxx/CVE-2008-2180.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2180",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2180",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5538",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5538"
"name": "cplinks-index-search-sql-injection(42170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42170"
},
{
"name" : "29035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29035"
"name": "5538",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5538"
},
{
"name" : "ADV-2008-1431",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1431/references"
"name": "30024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30024"
},
{
"name" : "30024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30024"
"name": "29035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29035"
},
{
"name" : "cplinks-index-search-sql-injection(42170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42170"
"name": "ADV-2008-1431",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1431/references"
}
]
}

80
2008/2xxx/CVE-2008-2531.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://holisticinfosec.org/content/view/64/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/64/45/"
"name": "bans-search-xss(42373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42373"
},
{
"name" : "29187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29187"
"name": "http://holisticinfosec.org/content/view/64/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/64/45/"
},
{
"name" : "30153",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30153"
"name": "30153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30153"
},
{
"name" : "bans-search-xss(42373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42373"
"name": "29187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29187"
}
]
}

80
2008/2xxx/CVE-2008-2693.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2693",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2693",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method."
"lang": "eng",
"value": "Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5746",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5746"
"name": "30548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30548"
},
{
"name" : "5747",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5747"
"name": "5747",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5747"
},
{
"name" : "30548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30548"
"name": "5746",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5746"
},
{
"name" : "barcode-bitiff-bo(42897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42897"
"name": "barcode-bitiff-bo(42897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42897"
}
]
}

116
2008/2xxx/CVE-2008-2717.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2717",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2717",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
"lang": "eng",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
"name": "29657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name" : "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/",
"refsource" : "CONFIRM",
"url" : "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/",
"refsource": "CONFIRM",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
"name": "30619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30619"
},
{
"name" : "DSA-1596",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1596"
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name" : "29657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29657"
"name": "typo3-filename-file-upload(42988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name" : "ADV-2008-1802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1802"
"name": "DSA-1596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name" : "30619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30619"
"name": "ADV-2008-1802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name" : "30660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30660"
"name": "30660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30660"
},
{
"name" : "3945",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3945"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name" : "typo3-filename-file-upload(42988)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
"name": "3945",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3945"
}
]
}

314
2008/2xxx/CVE-2008-2725.json
View File

@ -1,271 +1,271 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2725",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2725",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
"lang": "eng",
"value": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the \"REALLOC_N\" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080626 rPSA-2008-0206-1 ruby",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
"refsource" : "MISC",
"url" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
"name": "http://support.apple.com/kb/HT2163",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2163"
},
{
"name" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
"refsource" : "MISC",
"url" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
"name": "31090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31090"
},
{
"name" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
"name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
"refsource": "MISC",
"url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727"
"name": "MDVSA-2008:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
},
{
"name" : "http://www.ruby-forum.com/topic/157034",
"refsource" : "MISC",
"url" : "http://www.ruby-forum.com/topic/157034"
"name": "30875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30875"
},
{
"name" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
"refsource" : "MISC",
"url" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
"name": "ADV-2008-1981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1981/references"
},
{
"name" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
"name": "ADV-2008-1907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1907/references"
},
{
"name" : "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
"refsource" : "MLIST",
"url" : "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
"name": "oval:org.mitre.oval:def:9606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606"
},
{
"name" : "http://support.apple.com/kb/HT2163",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT2163"
"name": "DSA-1618",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1618"
},
{
"name" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
"refsource" : "CONFIRM",
"url" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
"name": "30894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30894"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2626",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2626"
"name": "ruby-rbarysplice-code-execution(43350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350"
},
{
"name" : "APPLE-SA-2008-06-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
"name": "31062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31062"
},
{
"name" : "DSA-1612",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1612"
"name": "31256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31256"
},
{
"name" : "DSA-1618",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1618"
"name": "20080626 rPSA-2008-0206-1 ruby",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
},
{
"name" : "FEDORA-2008-5649",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
"name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
},
{
"name" : "GLSA-200812-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml"
"name": "SSA:2008-179-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
},
{
"name" : "MDVSA-2008:140",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name" : "MDVSA-2008:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
"name": "1020347",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020347"
},
{
"name" : "MDVSA-2008:142",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
"name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
"refsource": "MISC",
"url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
},
{
"name" : "RHSA-2008:0561",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
"name": "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216",
"refsource": "MLIST",
"url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html"
},
{
"name" : "SSA:2008-179-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
},
{
"name" : "SUSE-SR:2008:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657"
},
{
"name" : "USN-621-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-621-1"
"name": "FEDORA-2008-5649",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
},
{
"name" : "29903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29903"
"name": "MDVSA-2008:140",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
},
{
"name" : "oval:org.mitre.oval:def:9606",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606"
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name" : "ADV-2008-1907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1907/references"
"name": "30831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30831"
},
{
"name" : "ADV-2008-1981",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1981/references"
"name": "RHSA-2008:0561",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
},
{
"name" : "1020347",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020347"
"name": "https://issues.rpath.com/browse/RPL-2626",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2626"
},
{
"name" : "30831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30831"
"name": "DSA-1612",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1612"
},
{
"name" : "30802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30802"
"name": "GLSA-200812-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
},
{
"name" : "31062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31062"
"name": "33178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33178"
},
{
"name" : "31090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31090"
"name": "29903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29903"
},
{
"name" : "31181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31181"
"name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
"refsource": "MISC",
"url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
},
{
"name" : "31256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31256"
"name": "30867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30867"
},
{
"name" : "31687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31687"
"name": "MDVSA-2008:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
},
{
"name" : "30867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30867"
"name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
},
{
"name" : "30875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30875"
"name": "http://www.ruby-forum.com/topic/157034",
"refsource": "MISC",
"url": "http://www.ruby-forum.com/topic/157034"
},
{
"name" : "30894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30894"
"name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
"refsource": "MISC",
"url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
},
{
"name" : "33178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33178"
"name": "USN-621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-621-1"
},
{
"name" : "ruby-rbarysplice-code-execution(43350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43350"
"name": "31181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31181"
}
]
}

104
2008/3xxx/CVE-2008-3552.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3552",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3552",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka \"ISSUES 11-15.\" NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka \"ISSUES 11-15.\" NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080807 [SE-2008-01] J2ME Security Vulnerabilities 2008",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495224/100/0/threaded"
"name": "http://www.security-explorations.com/n2vendors.htm",
"refsource": "MISC",
"url": "http://www.security-explorations.com/n2vendors.htm"
},
{
"name" : "http://www.security-explorations.com/n2press.htm",
"refsource" : "MISC",
"url" : "http://www.security-explorations.com/n2press.htm"
"name": "20080807 [SE-2008-01] J2ME Security Vulnerabilities 2008",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495224/100/0/threaded"
},
{
"name" : "http://www.security-explorations.com/n2srp.htm",
"refsource" : "MISC",
"url" : "http://www.security-explorations.com/n2srp.htm"
"name": "http://www.security-explorations.com/n2srp.htm",
"refsource": "MISC",
"url": "http://www.security-explorations.com/n2srp.htm"
},
{
"name" : "http://www.security-explorations.com/n2vendors.htm",
"refsource" : "MISC",
"url" : "http://www.security-explorations.com/n2vendors.htm"
"name": "30592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30592"
},
{
"name" : "http://www.security-explorations.com/report_toc.pdf",
"refsource" : "MISC",
"url" : "http://www.security-explorations.com/report_toc.pdf"
"name": "nokia-unspecified-code-execution(44438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44438"
},
{
"name" : "30591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30591"
"name": "30591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30591"
},
{
"name" : "30592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30592"
"name": "http://www.security-explorations.com/report_toc.pdf",
"refsource": "MISC",
"url": "http://www.security-explorations.com/report_toc.pdf"
},
{
"name" : "nokia-unspecified-code-execution(44438)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44438"
"name": "http://www.security-explorations.com/n2press.htm",
"refsource": "MISC",
"url": "http://www.security-explorations.com/n2press.htm"
}
]
}

92
2008/3xxx/CVE-2008-3606.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3606",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3606",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080808 [AJECT] WinGate Email Server (IMAP) vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
"name": "30606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30606"
},
{
"name" : "30606",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30606"
"name": "1020644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020644"
},
{
"name" : "1020644",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020644"
"name": "31442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31442"
},
{
"name" : "31442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31442"
"name": "4146",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4146"
},
{
"name" : "4146",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4146"
"name": "20080808 [AJECT] WinGate Email Server (IMAP) vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495264/100/0/threaded"
},
{
"name" : "wingate-imapserver-bo(44370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
"name": "wingate-imapserver-bo(44370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44370"
}
]
}

74
2008/3xxx/CVE-2008-3945.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3945",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3945",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6336",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6336"
"name": "31653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31653"
},
{
"name" : "31653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31653"
"name": "6336",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6336"
},
{
"name" : "4225",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4225"
"name": "4225",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4225"
}
]
}

68
2008/6xxx/CVE-2008-6125.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6125",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6125",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=87971",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=87971"
"name": "http://moodle.org/mod/forum/discuss.php?d=87971",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=87971"
},
{
"name" : "DSA-1691",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1691"
"name": "DSA-1691",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1691"
}
]
}

74
2008/6xxx/CVE-2008-6266.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6266",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6266",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action."
"lang": "eng",
"value": "SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081031 phpWebSite links.php Sql Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497960/100/0/threaded"
"name": "32011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32011"
},
{
"name" : "32011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32011"
"name": "phpwebsite-links-sql-injection(46298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46298"
},
{
"name" : "phpwebsite-links-sql-injection(46298)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46298"
"name": "20081031 phpWebSite links.php Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497960/100/0/threaded"
}
]
}

104
2008/6xxx/CVE-2008-6569.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6569",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6569",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page."
"lang": "eng",
"value": "Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.lac.co.jp/info/advisory/98.html",
"refsource" : "MISC",
"url" : "http://www.lac.co.jp/info/advisory/98.html"
"name": "JVNDB-2008-000034",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
},
{
"name" : "http://cybozu.co.jp/products/dl/notice/detail/0021.html",
"refsource" : "CONFIRM",
"url" : "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
"name": "29981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29981"
},
{
"name" : "JVN#18700809",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN18700809/index.html"
"name": "http://www.lac.co.jp/info/advisory/98.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/info/advisory/98.html"
},
{
"name" : "JVNDB-2008-000034",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000034.html"
"name": "garoon-unspecified-session-hijacking(43427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
},
{
"name" : "29981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29981"
"name": "http://cybozu.co.jp/products/dl/notice/detail/0021.html",
"refsource": "CONFIRM",
"url": "http://cybozu.co.jp/products/dl/notice/detail/0021.html"
},
{
"name" : "46564",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/46564"
"name": "JVN#18700809",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN18700809/index.html"
},
{
"name" : "30871",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30871"
"name": "30871",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30871"
},
{
"name" : "garoon-unspecified-session-hijacking(43427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43427"
"name": "46564",
"refsource": "OSVDB",
"url": "http://osvdb.org/46564"
}
]
}

74
2008/6xxx/CVE-2008-6595.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6595",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6595",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/"
"name": "45093",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/45093"
},
{
"name" : "45093",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/45093"
"name": "pmkrssnewsexport-unspecified-sql-injection(49830)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49830"
},
{
"name" : "pmkrssnewsexport-unspecified-sql-injection(49830)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49830"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/"
}
]
}

80
2012/5xxx/CVE-2012-5316.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120120 [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"
"name": "51599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51599"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=28",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=28"
"name": "barracudaspam-multiple-xss(72579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"
},
{
"name" : "51599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51599"
"name": "20120120 [Suspected Spam] Barracuda Spam/Virus WAF 600 - Multiple Web Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0130.html"
},
{
"name" : "barracudaspam-multiple-xss(72579)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72579"
"name": "http://www.vulnerability-lab.com/get_content.php?id=28",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=28"
}
]
}

80
2012/5xxx/CVE-2012-5458.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5458",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5458",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
"lang": "eng",
"value": "VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0015.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
"name": "workstation-player-priv-esc(79924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
},
{
"name" : "56469",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56469"
"name": "87118",
"refsource": "OSVDB",
"url": "http://osvdb.org/87118"
},
{
"name" : "87118",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87118"
"name": "56469",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56469"
},
{
"name" : "workstation-player-priv-esc(79924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79924"
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0015.html"
}
]
}

22
2012/5xxx/CVE-2012-5464.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5464",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5464",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2013/2xxx/CVE-2013-2347.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2347",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2347",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885."
"lang": "eng",
"value": "The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "32164",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/32164"
"name": "32164",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32164"
},
{
"name" : "http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html",
"refsource" : "MISC",
"url" : "http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html"
"name": "http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html",
"refsource": "MISC",
"url": "http://ddilabs.blogspot.com/2014/02/fun-with-hp-data-protector-execbar.html"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-14-008/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-14-008/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-008/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-008/"
},
{
"name" : "HPSBMU02895",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "HPSBMU02895",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101220",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "SSRT101220",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
},
{
"name" : "SSRT101253",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
"name": "SSRT101253",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03822422"
}
]
}

92
2017/11xxx/CVE-2017-11122.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11122",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11122",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading."
"lang": "eng",
"value": "On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html"
"name": "http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144461/Broadcom-ICMPv6-Information-Leak.html"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1300",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1300"
"name": "https://support.apple.com/en-us/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT208113"
},
{
"name" : "https://support.apple.com/en-us/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT208112"
"name": "https://support.apple.com/en-us/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT208112"
},
{
"name" : "https://support.apple.com/en-us/HT208113",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT208113"
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1300",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1300"
},
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name" : "https://support.apple.com/HT208113",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208113"
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
}
]
}

82
2017/11xxx/CVE-2017-11241.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-11241",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-11241",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value" : "2017.009.20058 and earlier"
"version_value": "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
"version_value": "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
"version_value": "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap Overflow"
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
"name": "100180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100180"
},
{
"name" : "100180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100180"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}

82
2017/11xxx/CVE-2017-11248.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-11248",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-11248",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value" : "2017.009.20058 and earlier"
"version_value": "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
"version_value": "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
"version_value": "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Memory Corruption"
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
"name": "100184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100184"
},
{
"name" : "100184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100184"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}

22
2017/11xxx/CVE-2017-11490.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11490",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11490",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

82
2017/11xxx/CVE-2017-11809.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11809",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11809",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
"version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
"lang": "eng",
"value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42999",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42999/"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11809"
"name": "101137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101137"
},
{
"name" : "101137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101137"
"name": "42999",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42999/"
},
{
"name" : "1039532",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039532"
"name": "1039532",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039532"
}
]
}

86
2017/14xxx/CVE-2017-14032.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14032",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14032",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected."
"lang": "eng",
"value": "ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.debian.org/873557",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/873557"
"name": "DSA-3967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3967"
},
{
"name" : "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32",
"refsource" : "CONFIRM",
"url" : "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32"
"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02",
"refsource": "CONFIRM",
"url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02"
},
{
"name" : "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc",
"refsource" : "CONFIRM",
"url" : "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc"
"name": "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32",
"refsource": "CONFIRM",
"url": "https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32"
},
{
"name" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02",
"refsource" : "CONFIRM",
"url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02"
"name": "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc",
"refsource": "CONFIRM",
"url": "https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc"
},
{
"name" : "DSA-3967",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3967"
"name": "https://bugs.debian.org/873557",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/873557"
}
]
}

188
2017/14xxx/CVE-2017-14496.json
View File

@ -1,166 +1,166 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14496",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14496",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request."
"lang": "eng",
"value": "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42946",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42946/"
"name": "1039474",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039474"
},
{
"name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"refsource" : "MLIST",
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
"name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
},
{
"name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource" : "MLIST",
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
"name": "DSA-3989",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource" : "MISC",
"url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
"name": "https://access.redhat.com/security/vulnerabilities/3199382",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"name" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
"name": "101085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101085"
},
{
"name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7",
"refsource" : "CONFIRM",
"url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7"
"name": "USN-3430-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-1"
},
{
"name" : "https://source.android.com/security/bulletin/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-10-01"
"name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7"
},
{
"name" : "https://access.redhat.com/security/vulnerabilities/3199382",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/vulnerabilities/3199382"
"name": "101977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101977"
},
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
"name": "VU#973527",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
"name": "GLSA-201710-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
"name": "USN-3430-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3430-2"
},
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"name" : "DSA-3989",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3989"
"name": "https://source.android.com/security/bulletin/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"name" : "GLSA-201710-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-27"
"name": "42946",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42946/"
},
{
"name" : "RHSA-2017:2836",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2836"
"name": "RHSA-2017:2836",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2836"
},
{
"name" : "openSUSE-SU-2017:2633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"name" : "USN-3430-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3430-1"
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
},
{
"name" : "USN-3430-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3430-2"
"name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name" : "VU#973527",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/973527"
"name": "openSUSE-SU-2017:2633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"name" : "101085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101085"
"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name" : "101977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101977"
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"name" : "1039474",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039474"
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
}
]
}

68
2017/14xxx/CVE-2017-14828.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14828",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-14828",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "8.3.1.21155"
"version_value": "8.3.1.21155"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020."
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the w method of XFA Layout objects. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5020."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-872",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-872"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://zerodayinitiative.com/advisories/ZDI-17-872",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-872"
}
]
}

68
2017/15xxx/CVE-2017-15373.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15373",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15373",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area)."
"lang": "eng",
"value": "E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42979",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42979/"
"name": "https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/",
"refsource": "MISC",
"url": "https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/"
},
{
"name" : "https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/",
"refsource" : "MISC",
"url" : "https://k33r0k.wordpress.com/2017/10/12/e-sic-sql-injection/"
"name": "42979",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42979/"
}
]
}

92
2017/15xxx/CVE-2017-15392.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-15392",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-15392",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Google Chrome prior to 62.0.3202.62",
"version" : {
"version_data" : [
"product_name": "Google Chrome prior to 62.0.3202.62",
"version": {
"version_data": [
{
"version_value" : "Google Chrome prior to 62.0.3202.62"
"version_value": "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration."
"lang": "eng",
"value": "Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Insufficient data validation"
"lang": "eng",
"value": "Insufficient data validation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
"name": "101482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101482"
},
{
"name" : "https://crbug.com/714401",
"refsource" : "MISC",
"url" : "https://crbug.com/714401"
"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4020",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4020"
"name": "https://crbug.com/714401",
"refsource": "MISC",
"url": "https://crbug.com/714401"
},
{
"name" : "GLSA-201710-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-24"
"name": "DSA-4020",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4020"
},
{
"name" : "RHSA-2017:2997",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2997"
"name": "RHSA-2017:2997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name" : "101482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101482"
"name": "GLSA-201710-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-24"
}
]
}

86
2017/15xxx/CVE-2017-15409.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-15409",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-15409",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Google Chrome prior to 63.0.3239.84 unknown",
"version" : {
"version_data" : [
"product_name": "Google Chrome prior to 63.0.3239.84 unknown",
"version": {
"version_data": [
{
"version_value" : "Google Chrome prior to 63.0.3239.84 unknown"
"version_value": "Google Chrome prior to 63.0.3239.84 unknown"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
"lang": "eng",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
"name": "https://crbug.com/763972",
"refsource": "MISC",
"url": "https://crbug.com/763972"
},
{
"name" : "https://crbug.com/763972",
"refsource" : "MISC",
"url" : "https://crbug.com/763972"
"name": "RHSA-2017:3401",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3401"
},
{
"name" : "DSA-4064",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4064"
"name": "GLSA-201801-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-03"
},
{
"name" : "GLSA-201801-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-03"
"name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
},
{
"name" : "RHSA-2017:3401",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3401"
"name": "DSA-4064",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4064"
}
]
}

96
2017/15xxx/CVE-2017-15698.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-01-31T00:00:00",
"ID" : "CVE-2017-15698",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-01-31T00:00:00",
"ID": "CVE-2017-15698",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache Tomcat Native",
"version" : {
"version_data" : [
"product_name": "Apache Tomcat Native",
"version": {
"version_data": [
{
"version_value" : "1.2.0 to 1.2.14"
"version_value": "1.2.0 to 1.2.14"
},
{
"version_value" : "1.1.23 to 1.1.34"
"version_value": "1.1.23 to 1.1.34"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability."
"lang": "eng",
"value": "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Access Control Bypass"
"lang": "eng",
"value": "Access Control Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[announce] 20180131 [SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E"
"name": "DSA-4118",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4118"
},
{
"name" : "[debian-lts-announce] 20180211 [SECURITY] [DLA 1276-1] tomcat-native security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html"
"name": "[debian-lts-announce] 20180211 [SECURITY] [DLA 1276-1] tomcat-native security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html"
},
{
"name" : "DSA-4118",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4118"
"name": "RHSA-2018:0465",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"name" : "RHSA-2018:0465",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0465"
"name": "1040390",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040390"
},
{
"name" : "RHSA-2018:0466",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0466"
"name": "[announce] 20180131 [SECURITY] CVE-2017-15698 Apache Tomcat Native Connector - OCSP check omitted",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "1040390",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040390"
"name": "RHSA-2018:0466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
}
]
}

74
2017/8xxx/CVE-2017-8080.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8080",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8080",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
"lang": "eng",
"value": "Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html",
"refsource" : "CONFIRM",
"url" : "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
"name": "98262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98262"
},
{
"name" : "https://jira.atlassian.com/browse/HCPUB-2980",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/HCPUB-2980"
"name": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/hc/hipchat-server-security-advisory-2017-04-24-894234898.html"
},
{
"name" : "98262",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98262"
"name": "https://jira.atlassian.com/browse/HCPUB-2980",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/HCPUB-2980"
}
]
}

68
2017/8xxx/CVE-2017-8531.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Graphics",
"version" : {
"version_data" : [
"product_name": "Graphics",
"version": {
"version_data": [
{
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2"
"version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533."
"lang": "eng",
"value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8531",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8531"
"name": "98819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98819"
},
{
"name" : "98819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98819"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8531",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8531"
}
]
}

22
2017/8xxx/CVE-2017-8886.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8886",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8886",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/8xxx/CVE-2017-8919.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8919",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8919",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors."
"lang": "eng",
"value": "NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001",
"refsource" : "CONFIRM",
"url" : "https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001"
"name": "99957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99957"
},
{
"name" : "99957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99957"
"name": "https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001",
"refsource": "CONFIRM",
"url": "https://kb.netapp.com/support/s/article/ka51A0000008Spy/NTAP-20170718-0001"
}
]
}

64
2018/12xxx/CVE-2018-12160.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00",
"ID" : "CVE-2018-12160",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-09-11T00:00:00",
"ID": "CVE-2018-12160",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intel(R) Data Migration Software",
"version" : {
"version_data" : [
"product_name": "Intel(R) Data Migration Software",
"version": {
"version_data": [
{
"version_value" : "v3.1 and before."
"version_value": "v3.1 and before."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access."
"lang": "eng",
"value": "DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
}
]
}

22
2018/12xxx/CVE-2018-12949.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12949",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12949",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/13xxx/CVE-2018-13256.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13256",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13256",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter."
"lang": "eng",
"value": "PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "45125",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45125/"
"name": "45125",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45125/"
},
{
"name" : "https://gkaim.com/cve-2018-13256-vikas-chaudhary/",
"refsource" : "MISC",
"url" : "https://gkaim.com/cve-2018-13256-vikas-chaudhary/"
"name": "https://gkaim.com/cve-2018-13256-vikas-chaudhary/",
"refsource": "MISC",
"url": "https://gkaim.com/cve-2018-13256-vikas-chaudhary/"
}
]
}

68
2018/13xxx/CVE-2018-13440.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13440",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13440",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
"lang": "eng",
"value": "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/mpruett/audiofile/issues/49",
"refsource" : "MISC",
"url" : "https://github.com/mpruett/audiofile/issues/49"
"name": "https://github.com/mpruett/audiofile/issues/49",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/49"
},
{
"name" : "USN-3800-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3800-1/"
"name": "USN-3800-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3800-1/"
}
]
}

68
2018/13xxx/CVE-2018-13716.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13716",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13716",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for sexhdsolo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/sexhdsolo",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/sexhdsolo"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/sexhdsolo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/sexhdsolo"
}
]
}

22
2018/13xxx/CVE-2018-13967.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13967",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13967",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2018/16xxx/CVE-2018-16749.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16749",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16749",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file."
"lang": "eng",
"value": "In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
"name": "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1119",
"refsource" : "MISC",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1119"
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1530-1] imagemagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00002.html"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4",
"refsource" : "MISC",
"url" : "https://github.com/ImageMagick/ImageMagick6/commit/1007b98f8795ad4bea6bc5f68a32d83e982fdae4"
"name": "USN-3785-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3785-1/"
},
{
"name" : "USN-3785-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3785-1/"
"name": "https://github.com/ImageMagick/ImageMagick/issues/1119",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1119"
}
]
}

22
2018/16xxx/CVE-2018-16810.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16810",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16810",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

118
2018/16xxx/CVE-2018-16842.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-16842",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16842",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "curl:",
"version" : {
"version_data" : [
"product_name": "curl:",
"version": {
"version_data": [
{
"version_value" : "from 7.14.1 to 7.61.1"
"version_value": "from 7.14.1 to 7.61.1"
}
]
}
}
]
},
"vendor_name" : "The Curl Project"
"vendor_name": "The Curl Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
"lang": "eng",
"value": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version" : "3.0"
"vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-125"
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
"name": "GLSA-201903-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"name" : "https://curl.haxx.se/docs/CVE-2018-16842.html",
"refsource" : "MISC",
"url" : "https://curl.haxx.se/docs/CVE-2018-16842.html"
"name": "DSA-4331",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4331"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"
"name": "[debian-lts-announce] 20181106 [SECURITY] [DLA 1568-1] curl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html"
},
{
"name" : "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211",
"refsource" : "CONFIRM",
"url" : "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"
"name": "https://curl.haxx.se/docs/CVE-2018-16842.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2018-16842.html"
},
{
"name" : "DSA-4331",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4331"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842"
},
{
"name" : "GLSA-201903-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201903-03"
"name": "1042014",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042014"
},
{
"name" : "USN-3805-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3805-1/"
"name": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211",
"refsource": "CONFIRM",
"url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211"
},
{
"name" : "USN-3805-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3805-2/"
"name": "USN-3805-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3805-2/"
},
{
"name" : "1042014",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042014"
"name": "USN-3805-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3805-1/"
}
]
}

62
2018/16xxx/CVE-2018-16962.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16962",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16962",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges."
"lang": "eng",
"value": "Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022",
"refsource" : "CONFIRM",
"url" : "http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022"
"name": "http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022",
"refsource": "CONFIRM",
"url": "http://answers.webroot.com/Webroot/ukp.aspx?pid=10&app=vw&vw=1&login=1&json=1&solutionid=2022"
}
]
}

22
2018/4xxx/CVE-2018-4272.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4272",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4272",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4571.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4571",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4571",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4621.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4621",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4621",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4718.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4718",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4718",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/4xxx/CVE-2018-4972.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4972",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4972",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104175"
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
"name": "104175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104175"
}
]
}