"-Synchronized-Data."

CVE Team 2019-03-18 01:23:18 +00:00
parent 94aefe4864
commit 502dbeb06b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3780 additions and 3780 deletions


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1161", "ID": "CVE-2003-1161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20031105 BK2CVS problem", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html" "lang": "eng",
}, "value": "exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function."
{ }
"name" : "[linux-kernel] 20031105 Re: BK2CVS problem", ]
"refsource" : "MLIST", },
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0627.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[linux-kernel] 20031105 Re: BK2CVS problem", "description": [
"refsource" : "MLIST", {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0630.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8987", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/8987" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[linux-kernel] 20031105 BK2CVS problem",
"refsource": "MLIST",
"url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html"
},
{
"name": "8987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8987"
},
{
"name": "[linux-kernel] 20031105 Re: BK2CVS problem",
"refsource": "MLIST",
"url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0630.html"
},
{
"name": "[linux-kernel] 20031105 Re: BK2CVS problem",
"refsource": "MLIST",
"url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0627.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0251", "ID": "CVE-2004-0251",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040204 rxgoogle.cgi XSS Vulnerability.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107594183924958&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter."
{ }
"name" : "rxgoogle-query-xss(15043)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15043" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9575", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9575" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20040204 rxgoogle.cgi XSS Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107594183924958&w=2"
},
{
"name": "rxgoogle-query-xss(15043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15043"
},
{
"name": "9575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9575"
}
]
}
}


@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0426", "ID": "CVE-2004-0426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rsync.samba.org/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://rsync.samba.org/" "lang": "eng",
}, "value": "rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path."
{ }
"name" : "DSA-499", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-499" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200407-10", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2004:042", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:042" ]
}, },
{ "references": {
"name" : "RHSA-2004:192", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-192.html" "name": "GLSA-200407-10",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-10.xml"
"name" : "SSA:2004-124-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462" "name": "oval:org.mitre.oval:def:967",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A967"
"name" : "TSL-2004-0024", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt" "name": "11523",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11523"
"name" : "20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108515912212018&w=2" "name": "20040521 [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108515912212018&w=2"
"name" : "O-134", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-134.shtml" "name": "rsync-write-files(16014)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16014"
"name" : "O-212", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-212.shtml" "name": "11688",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11688"
"name" : "10247", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10247" "name": "11669",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11669"
"name" : "oval:org.mitre.oval:def:9495", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9495" "name": "O-134",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-134.shtml"
"name" : "11514", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11514" "name": "RHSA-2004:192",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-192.html"
"name" : "11515", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11515" "name": "12054",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12054"
"name" : "11523", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11523" "name": "11514",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11514"
"name" : "11537", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11537" "name": "11993",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11993"
"name" : "11583", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11583" "name": "http://rsync.samba.org/",
}, "refsource": "CONFIRM",
{ "url": "http://rsync.samba.org/"
"name" : "11669", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11669" "name": "SSA:2004-124-01",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.403462"
"name" : "11688", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11688" "name": "MDKSA-2004:042",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:042"
"name" : "11993", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11993" "name": "oval:org.mitre.oval:def:9495",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9495"
"name" : "12054", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12054" "name": "11537",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11537"
"name" : "oval:org.mitre.oval:def:967", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A967" "name": "DSA-499",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-499"
"name" : "rsync-write-files(16014)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16014" "name": "11583",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/11583"
} },
} {
"name": "O-212",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-212.shtml"
},
{
"name": "10247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10247"
},
{
"name": "TSL-2004-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/misc/2004/TSL-2004-0024-rsync.asc.txt"
},
{
"name": "11515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11515"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0844", "ID": "CVE-2004-0844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110178042025729&w=2" "lang": "eng",
}, "value": "Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the \"Address Bar Spoofing on Double Byte Character Set Systems Vulnerability.\""
{ }
"name" : "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=ntbugtraq&m=110174346717733&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS04-038", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA04-293A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-293A.html" ]
}, },
{ "references": {
"name" : "VU#431576", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/431576" "name": "ie-dbcs-obtain-information(17652)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652"
"name" : "oval:org.mitre.oval:def:2448", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448" "name": "oval:org.mitre.oval:def:2448",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2448"
"name" : "oval:org.mitre.oval:def:8127", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127" "name": "oval:org.mitre.oval:def:8127",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8127"
"name" : "ie-dbcs-obtain-information(17652)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17652" "name": "MS04-038",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
"name" : "ie-ms04038-patch(17651)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651" "name": "TA04-293A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA04-293A.html"
} },
} {
"name": "ie-ms04038-patch(17651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17651"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=110174346717733&w=2"
},
{
"name": "20041128 Address Bar Spoofing on Double Byte Character Set Locale Vulnerability (CAN-2004-0844) Patched in MS04-038",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110178042025729&w=2"
},
{
"name": "VU#431576",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/431576"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1509", "ID": "CVE-2004-1509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041109 Multiple Vulnerabilities in WebCalendar", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110011618724455&w=2" "lang": "eng",
}, "value": "validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message."
{ }
"name" : "11651", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11651" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13164", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13164" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webcalendar-encodedlogin-path-disclosure(18029)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18029" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20041109 Multiple Vulnerabilities in WebCalendar",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110011618724455&w=2"
},
{
"name": "webcalendar-encodedlogin-path-disclosure(18029)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18029"
},
{
"name": "11651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11651"
},
{
"name": "13164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13164"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1794", "ID": "CVE-2004-1794",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040101 Possible XSS vuln in VCard4J", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0006.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard."
{ }
"name" : "9343", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9343" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1008582", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1008582" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "vcard4j-nickname-xss(14120)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14120" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20040101 Possible XSS vuln in VCard4J",
"refsource": "BUGTRAQ",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0006.html"
},
{
"name": "9343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9343"
},
{
"name": "vcard4j-nickname-xss(14120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14120"
},
{
"name": "1008582",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008582"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2133", "ID": "CVE-2004-2133",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107539776002450&w=2" "lang": "eng",
}, "value": "Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages."
{ }
"name" : "20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9523", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9523" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cvsup-rpath-gain-privileges(14994)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14994" ]
} },
] "references": {
} "reference_data": [
} {
"name": "cvsup-rpath-gain-privileges(14994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14994"
},
{
"name": "20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html"
},
{
"name": "9523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9523"
},
{
"name": "20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107539776002450&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2458", "ID": "CVE-2004-2458",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch" "lang": "eng",
}, "value": "Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories."
{ }
"name" : "10087", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10087" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11334", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11334" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "open-webmail-directory-creation(15822)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/patches/SA-04:02/openwebmail.pl.patch"
},
{
"name": "10087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10087"
},
{
"name": "open-webmail-directory-creation(15822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15822"
},
{
"name": "11334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11334"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2748", "ID": "CVE-2004-2748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040120 WebTrends Reporting Center Path Disclosure vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/350419/30/21610/threaded" "lang": "eng",
}, "value": "viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message."
{ }
"name" : "9460", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9460" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3680", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3680" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1008799", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1008799" ]
}, },
{ "references": {
"name" : "10689", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10689" "name": "20040120 WebTrends Reporting Center Path Disclosure vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/350419/30/21610/threaded"
"name" : "3354", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3354" "name": "10689",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/10689"
} },
} {
"name": "1008799",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008799"
},
{
"name": "3680",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3680"
},
{
"name": "3354",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3354"
},
{
"name": "9460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9460"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2005", "ID": "CVE-2008-2005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080505 CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491623/100/0/threaded" "lang": "eng",
}, "value": "The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure."
{ }
"name" : "6474", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6474" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.coresecurity.com/?action=item&id=2187", "description": [
"refsource" : "MISC", {
"url" : "http://www.coresecurity.com/?action=item&id=2187" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#596268", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/596268" ]
}, },
{ "references": {
"name" : "28974", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28974" "name": "VU#596268",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/596268"
"name" : "1019966", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019966" "name": "http://www.coresecurity.com/?action=item&id=2187",
}, "refsource": "MISC",
{ "url": "http://www.coresecurity.com/?action=item&id=2187"
"name" : "30063", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30063" "name": "suitelinkservice-slssvc-dos(42221)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42221"
"name" : "suitelinkservice-slssvc-dos(42221)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42221" "name": "28974",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/28974"
} },
} {
"name": "6474",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6474"
},
{
"name": "1019966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019966"
},
{
"name": "20080505 CORE-2008-0129 - Wonderware SuiteLink Denial of Service vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491623/100/0/threaded"
},
{
"name": "30063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30063"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2491", "ID": "CVE-2008-2491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080525 Ablespace 1.0 'cat_id' Parameter SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492576/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
{ }
"name" : "29369", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29369" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ablespace-advcat-sql-injection(42635)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42635" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ablespace-advcat-sql-injection(42635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42635"
},
{
"name": "29369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29369"
},
{
"name": "20080525 Ablespace 1.0 'cat_id' Parameter SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492576/100/0/threaded"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2554", "ID": "CVE-2008-2554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080601 BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492902/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp."
{ }
"name" : "5705", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29460", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29460" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3925", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3925" ]
}, },
{ "references": {
"name" : "bpblog-id-cat-sql-injection(42894)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42894" "name": "bpblog-id-cat-sql-injection(42894)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42894"
} },
} {
"name": "20080601 BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492902/100/0/threaded"
},
{
"name": "5705",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5705"
},
{
"name": "29460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29460"
},
{
"name": "3925",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3925"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2555", "ID": "CVE-2008-2555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5706", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5706" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter."
{ }
"name" : "30494", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/30494" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "easyway-index-sql-injection(42787)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42787" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "easyway-index-sql-injection(42787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42787"
},
{
"name": "30494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30494"
},
{
"name": "5706",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5706"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-2733", "ID": "CVE-2008-2733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml" "lang": "eng",
}, "value": "Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 before 7.2(4)2, 8.0 before 8.0(3)14, and 8.1 before 8.1(1)4, when configured as a client VPN endpoint, do not properly process IPSec client authentication, which allows remote attackers to cause a denial of service (device reload) via a crafted authentication attempt, aka Bug ID CSCso69942."
{ }
"name" : "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30998", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30998" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020810", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020810" ]
}, },
{ "references": {
"name" : "1020811", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020811" "name": "20080903 Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809f138a.shtml"
"name" : "31730", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31730" "name": "cisco-pix-asa-ipsecclientauth-dos(44867)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867"
"name" : "cisco-pix-asa-ipsecclientauth-dos(44867)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44867" "name": "1020811",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1020811"
} },
} {
"name": "20080903 Cisco Applied Mitigation Bulletin: Identifying and Mitigating Exploitation of the Remote Access VPN and SIP Vulnerabilities in Cisco PIX and Cisco ASA",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20080903-asa"
},
{
"name": "1020810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020810"
},
{
"name": "31730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31730"
},
{
"name": "30998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30998"
}
]
}
}
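Review bot: The `ASSIGNER` value in the CVE-2008-2733 record changes from `cve@mitre.org` to `psirt@cisco.com`, a content change that is easy to miss because every other line in this section appears to differ only in the spacing before the colon or in the order of the `reference_data` entries. The same kind of change shows up further down for CVE-2012-5173 (`vultures@jpcert.or.jp`) and CVE-2012-5538 (`secalert@redhat.com`). Anyone validating this sync should compare the parsed JSON with key spacing and reference order normalised rather than reading the text diff, so that field-level changes such as the assigning CNA stand out. Downstream tooling that filters or attributes records by `ASSIGNER` will see these entries move between sources, so that is worth confirming as intended.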


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6101", "ID": "CVE-2008-6101",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6909", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6909" "lang": "eng",
}, "value": "SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter."
{ }
"name" : "9387", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/9387" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstorm.linuxsecurity.com/0809-exploits/abe-sql.txt", "description": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0809-exploits/abe-sql.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31510", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31510" ]
}, },
{ "references": {
"name" : "32067", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32067" "name": "abew-click-sql-injection(45573)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45573"
"name" : "abew-click-sql-injection(45573)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45573" "name": "9387",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/9387"
"name" : "bes-click-sql-injection(52328)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52328" "name": "31510",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/31510"
} },
} {
"name": "6909",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6909"
},
{
"name": "32067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32067"
},
{
"name": "http://packetstorm.linuxsecurity.com/0809-exploits/abe-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0809-exploits/abe-sql.txt"
},
{
"name": "bes-click-sql-injection(52328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52328"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6329", "ID": "CVE-2008-6329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7164", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7164" "lang": "eng",
}, "value": "SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board allows remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters, as reachable from Employee/emp_login.asp. NOTE: some of these details are obtained from third party information."
{ }
"name" : "32366", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32366" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32785", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32785" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-3218", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/3218" ]
}, },
{ "references": {
"name" : "preaspjobboard-emplogin-sql-injection(46736)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46736" "name": "32785",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32785"
} },
} {
"name": "32366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32366"
},
{
"name": "7164",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7164"
},
{
"name": "preaspjobboard-emplogin-sql-injection(46736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46736"
},
{
"name": "ADV-2008-3218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3218"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6609", "ID": "CVE-2008-6609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0812-exploits/phpcksec-xssdisclose.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0812-exploits/phpcksec-xssdisclose.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter."
{ }
"name" : "32890", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32890" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpcksec-phpcksec-xss(47425)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47425" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0812-exploits/phpcksec-xssdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-exploits/phpcksec-xssdisclose.txt"
},
{
"name": "phpcksec-phpcksec-xss(47425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47425"
},
{
"name": "32890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32890"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1499", "ID": "CVE-2012-1499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka \"out-of heap-based buffer write.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS", "description_data": [
"refsource" : "MISC", {
"url" : "http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS" "lang": "eng",
}, "value": "The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka \"out-of heap-based buffer write.\""
{ }
"name" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-004", ]
"refsource" : "MISC", },
"url" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-004" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=805912", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=805912" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://code.google.com/p/openjpeg/source/detail?r=1330", ]
"refsource" : "CONFIRM", }
"url" : "http://code.google.com/p/openjpeg/source/detail?r=1330" ]
}, },
{ "references": {
"name" : "FEDORA-2012-9602", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html" "name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-004",
}, "refsource": "MISC",
{ "url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-004"
"name" : "FEDORA-2012-9628", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html" "name": "FEDORA-2012-9602",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html"
"name" : "GLSA-201206-06", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201206-06.xml" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=805912",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805912"
"name" : "52654", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52654" "name": "52654",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52654"
} },
} {
"name": "http://code.google.com/p/openjpeg/source/detail?r=1330",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/openjpeg/source/detail?r=1330"
},
{
"name": "GLSA-201206-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-06.xml"
},
{
"name": "FEDORA-2012-9628",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html"
},
{
"name": "http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS",
"refsource": "MISC",
"url": "http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5003", "ID": "CVE-2012-5003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120125 NX Web Companion Spoofing Arbitrary Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html" "lang": "eng",
}, "value": "nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file."
{ }
"name" : "20120125 NX Web Companion Spoofing Arbitrary Code Execution Vulnerability", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47685", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47685" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nxweb-applet-code-execution(72712)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72712" ]
} },
] "references": {
} "reference_data": [
} {
"name": "47685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47685"
},
{
"name": "nxweb-applet-code-execution(72712)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72712"
},
{
"name": "20120125 NX Web Companion Spoofing Arbitrary Code Execution Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html"
},
{
"name": "20120125 NX Web Companion Spoofing Arbitrary Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-5173", "ID": "CVE-2012-5173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bigace.de/news/bigace-2.7.8.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bigace.de/news/bigace-2.7.8.html" "lang": "eng",
}, "value": "Session fixation vulnerability in BIGACE before 2.7.8 allows remote attackers to hijack web sessions via unspecified vectors."
{ }
"name" : "JVN#60931933", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN60931933/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2012-000104", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000104" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51355", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/51355" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.bigace.de/news/bigace-2.7.8.html",
"refsource": "CONFIRM",
"url": "http://www.bigace.de/news/bigace-2.7.8.html"
},
{
"name": "51355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51355"
},
{
"name": "JVN#60931933",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN60931933/index.html"
},
{
"name": "JVNDB-2012-000104",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000104"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5538", "ID": "CVE-2012-5538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has \"Reference existing\" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has \"Reference existing\" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file."
{ }
"name" : "http://drupal.org/node/1789306", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1789306" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1789300", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1789300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupal.org/node/1789302", ]
"refsource" : "CONFIRM", }
"url" : "http://drupal.org/node/1789302" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://drupal.org/node/1789300",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1789300"
},
{
"name": "http://drupal.org/node/1789306",
"refsource": "MISC",
"url": "http://drupal.org/node/1789306"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name": "http://drupal.org/node/1789302",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1789302"
}
]
}
}
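Review bot: The `ASSIGNER` line in `CVE_data_meta` for CVE-2012-5538 carries a content change (`cve@mitre.org` in the left column, `secalert@redhat.com` in the right) that is easy to miss, because every other visible difference in this section is key spacing or the order of `reference_data` entries. Consumers that attribute or route records by assigning CNA will treat this as a provenance change, so it should be reviewable on its own rather than folded into a formatting pass. I would record it in the commit description, for example `CVE-2012-5538: ASSIGNER cve@mitre.org -> secalert@redhat.com`, assuming the right-hand column is the new side. Since reference order also changes here, tooling that diffs these records should compare `reference_data` as a set, not by position.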


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5640", "ID": "CVE-2012-5640",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00", "DATE_PUBLIC": "2017-10-02T00:00:00",
"ID" : "CVE-2017-11067", "ID": "CVE-2017-11067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" "lang": "eng",
}, "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the Athdiag procfs entry does not have a proper address sanity check which may potentially lead to the use of an out-of-range pointer offset."
{ }
"name" : "101160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101160" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11312", "ID": "CVE-2017-11312",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11665", "ID": "CVE-2017-11665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130" "lang": "eng",
}, "value": "The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted stream."
{ }
"name" : "DSA-3957", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3957" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100017", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100017" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/ffcc82219cef0928bed2d558b19ef6ea35634130"
},
{
"name": "DSA-3957",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3957"
},
{
"name": "100017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100017"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11701", "ID": "CVE-2017-11701",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00", "DATE_PUBLIC": "2017-11-14T00:00:00",
"ID" : "CVE-2017-11791", "ID": "CVE-2017-11791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", "product_name": "ChakraCore, Microsoft Edge, Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore, Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." "version_value": "ChakraCore, Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11834."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791" "lang": "eng",
}, "value": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11834."
{ }
"name" : "101715", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101715" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039796", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039796" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1039797", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039797" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1039796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039796"
},
{
"name": "101715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101715"
},
{
"name": "1039797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039797"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11791"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-11927", "ID": "CVE-2017-11927",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows", "product_name": "Microsoft Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709" "version_value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka \"Microsoft Windows Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927" "lang": "eng",
}, "value": "Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka \"Microsoft Windows Information Disclosure Vulnerability\"."
{ }
"name" : "102095", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102095" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039997", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039997" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102095"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11927"
},
{
"name": "1039997",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039997"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15146", "ID": "CVE-2017-15146",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15198", "ID": "CVE-2017-15198",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/10/04/9", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/10/04/9" "lang": "eng",
}, "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit a category of a private project of another user."
{ }
"name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", ]
"refsource" : "MISC", },
"url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://kanboard.net/news/version-1.0.47", ]
"refsource" : "MISC", }
"url" : "https://kanboard.net/news/version-1.0.47" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-01-03T00:00:00", "DATE_PUBLIC": "2018-01-03T00:00:00",
"ID" : "CVE-2017-15714", "ID": "CVE-2017-15714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache OFBiz", "product_name": "Apache OFBiz",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "16.11.01 to 16.11.03" "version_value": "16.11.01 to 16.11.03"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code \"__format=%27;alert(%27xss%27)\" to the URL an alert window would execute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[user] 20180103 [SECURITY] CVE-2017-15714 Apache OFBiz BIRT code vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "https://s.apache.org/UO3W" "lang": "eng",
} "value": "The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code \"__format=%27;alert(%27xss%27)\" to the URL an alert window would execute."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20180103 [SECURITY] CVE-2017-15714 Apache OFBiz BIRT code vulnerability",
"refsource": "MLIST",
"url": "https://s.apache.org/UO3W"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3032", "ID": "CVE-2017-3032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser."
{ }
"name" : "97554", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97554" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038228", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038228" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "97554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97554"
},
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}


@ -1,126 +1,126 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-officer@isc.org", "ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-14T00:00:00.000Z", "DATE_PUBLIC": "2017-06-14T00:00:00.000Z",
"ID" : "CVE-2017-3140", "ID": "CVE-2017-3140",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : " An error processing RPZ rules can cause named to loop endlessly after handling a query" "TITLE": " An error processing RPZ rules can cause named to loop endlessly after handling a query"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIND 9", "product_name": "BIND 9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1" "version_value": "9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ISC" "vendor_name": "ISC"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 3.7,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score."
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
"name" : "https://kb.isc.org/docs/aa-01495", }
"refsource" : "CONFIRM", ],
"url" : "https://kb.isc.org/docs/aa-01495" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" {
}, "lang": "eng",
{ "value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1."
"name" : "https://security.netapp.com/advisory/ntap-20180926-0001/", }
"refsource" : "CONFIRM", ]
"url" : "https://security.netapp.com/advisory/ntap-20180926-0001/" },
}, "impact": {
{ "cvss": {
"name" : "GLSA-201708-01", "attackComplexity": "HIGH",
"refsource" : "GENTOO", "attackVector": "NETWORK",
"url" : "https://security.gentoo.org/glsa/201708-01" "availabilityImpact": "LOW",
}, "baseScore": 3.7,
{ "baseSeverity": "LOW",
"name" : "99088", "confidentialityImpact": "NONE",
"refsource" : "BID", "integrityImpact": "NONE",
"url" : "http://www.securityfocus.com/bid/99088" "privilegesRequired": "NONE",
}, "scope": "UNCHANGED",
{ "userInteraction": "NONE",
"name" : "1038692", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"refsource" : "SECTRACK", "version": "3.0"
"url" : "http://www.securitytracker.com/id/1038692" }
} },
] "problemtype": {
}, "problemtype_data": [
"solution" : [ {
{ "description": [
"lang" : "eng", {
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2" "lang": "eng",
} "value": "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score."
], }
"source" : { ]
"discovery" : "UNKNOWN" }
}, ]
"work_around" : [ },
{ "references": {
"lang" : "eng", "reference_data": [
"value" : "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect." {
} "name": "1038692",
] "refsource": "SECTRACK",
} "url": "http://www.securitytracker.com/id/1038692"
},
{
"name": "GLSA-201708-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"name": "99088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99088"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
},
{
"name": "https://kb.isc.org/docs/aa-01495",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01495"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect."
}
]
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2017-3221", "ID": "CVE-2017-3221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AmosConnect", "product_name": "AmosConnect",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.0, 8.0.1, 8.0.2, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.4.0.1" "version_value": "8.0, 8.0.1, 8.0.2, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.4.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Inmarsat" "vendor_name": "Inmarsat"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/" "lang": "eng",
}, "value": "Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords."
{ }
"name" : "https://twitter.com/mkolsek/status/923988845783322625", ]
"refsource" : "MISC", },
"url" : "https://twitter.com/mkolsek/status/923988845783322625" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#586501", "description": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/586501" "lang": "eng",
}, "value": "CWE-89"
{ }
"name" : "99899", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99899" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/",
"refsource": "MISC",
"url": "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/"
},
{
"name": "99899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99899"
},
{
"name": "https://twitter.com/mkolsek/status/923988845783322625",
"refsource": "MISC",
"url": "https://twitter.com/mkolsek/status/923988845783322625"
},
{
"name": "VU#586501",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/586501"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3778", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3778",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3813", "ID": "CVE-2017-3813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.", "product_name": "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later." "version_value": "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41476", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41476/" "lang": "eng",
}, "value": "A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976."
{ }
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect", ]
"refsource" : "CONFIRM", },
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96145", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96145" "lang": "eng",
}, "value": "CWE-264"
{ }
"name" : "1037796", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037796" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect"
},
{
"name": "41476",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41476/"
},
{
"name": "1037796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037796"
},
{
"name": "96145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96145"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3853", "ID": "CVE-2017-3853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOx", "product_name": "Cisco IOx",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOx" "version_value": "Cisco IOx"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119 Stack Overflow Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox" "lang": "eng",
}, "value": "A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. This vulnerability affects the following Cisco 800 Series Industrial Integrated Services Routers: Cisco IR809 and Cisco IR829. Cisco IOx Releases 1.0.0.0 and 1.1.0.0 are vulnerable. Cisco Bug IDs: CSCuy52330."
{ }
"name" : "97011", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97011" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038105", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038105" "lang": "eng",
} "value": "CWE-119 Stack Overflow Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170322-iox"
},
{
"name": "1038105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038105"
},
{
"name": "97011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97011"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8382", "ID": "CVE-2017-8382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42005", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42005/" "lang": "eng",
}, "value": "admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts."
{ }
"name" : "http://en.0day.today/exploit/27771", ]
"refsource" : "MISC", },
"url" : "http://en.0day.today/exploit/27771" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/Admidio/admidio/issues/612", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/Admidio/admidio/issues/612" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc", ]
"refsource" : "MISC", }
"url" : "https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc" ]
} },
] "references": {
} "reference_data": [
} {
"name": "42005",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42005/"
},
{
"name": "http://en.0day.today/exploit/27771",
"refsource": "MISC",
"url": "http://en.0day.today/exploit/27771"
},
{
"name": "https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc",
"refsource": "MISC",
"url": "https://github.com/faizzaidi/Admidio-3.2.8-CSRF-POC-by-Provensec-llc"
},
{
"name": "https://github.com/Admidio/admidio/issues/612",
"refsource": "MISC",
"url": "https://github.com/Admidio/admidio/issues/612"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8460", "ID": "CVE-2017-8460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows PDF", "product_name": "Windows PDF",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" "version_value": "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka \"Windows PDF Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460" "lang": "eng",
}, "value": "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka \"Windows PDF Information Disclosure Vulnerability\"."
{ }
"name" : "98887", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98887" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038678", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038678" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "98887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98887"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8460"
},
{
"name": "1038678",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038678"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-8644", "ID": "CVE-2017-8644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42459", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42459/" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100044", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100044" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1039101", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039101" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644"
},
{
"name": "42459",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42459/"
},
{
"name": "100044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100044"
},
{
"name": "1039101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039101"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00", "DATE_PUBLIC": "2017-09-12T00:00:00",
"ID" : "CVE-2017-8683", "ID": "CVE-2017-8683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows graphics", "product_name": "Windows graphics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka \"Win32k Graphics Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8682."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42746", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42746/" "lang": "eng",
}, "value": "Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka \"Win32k Graphics Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8682."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100781", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100781" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1039338", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039338" ]
} },
] "references": {
} "reference_data": [
} {
"name": "42746",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42746/"
},
{
"name": "1039338",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039338"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8683"
},
{
"name": "100781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100781"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8763", "ID": "CVE-2017-8763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Telaxus/EPESI/issues/182", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Telaxus/EPESI/issues/182" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Telaxus/EPESI/issues/182",
"refsource": "MISC",
"url": "https://github.com/Telaxus/EPESI/issues/182"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10281", "ID": "CVE-2018-10281",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12025", "ID": "CVE-2018-12025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/secbit-media/bugged-smart-contract-f-e-how-could-someone-mess-up-with-boolean-d2251defd6ff", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/secbit-media/bugged-smart-contract-f-e-how-could-someone-mess-up-with-boolean-d2251defd6ff" "lang": "eng",
} "value": "The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is smaller than or equal to allowed value, the transfer session would stop execution by returning false. This makes no sense, because the transferFrom() function should require the transferring value to not exceed the allowed value in the first place. Suppose this function asks for the allowed value to be smaller than the input. Then, the attacker could easily ignore the allowance: after this condition, the `allowed[from][msg.sender] -= value;` would cause an underflow because the allowed part is smaller than the value. The attacker could transfer any amount of FuturXe tokens of any accounts to an appointed account (the `_to` address) because the allowed value is initialized to 0, and the attacker could bypass this restriction even without the victim's private key."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/secbit-media/bugged-smart-contract-f-e-how-could-someone-mess-up-with-boolean-d2251defd6ff",
"refsource": "MISC",
"url": "https://medium.com/secbit-media/bugged-smart-contract-f-e-how-could-someone-mess-up-with-boolean-d2251defd6ff"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12226", "ID": "CVE-2018-12226",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12625", "ID": "CVE-2018-12625",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12980", "ID": "CVE-2018-12980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45014", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45014/" "lang": "eng",
}, "value": "An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability allows an authenticated user to upload arbitrary files to the file system with the permissions of the web server."
{ }
"name" : "20180711 SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2018/Jul/38" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://cert.vde.com/en-us/advisories/vde-2018-010", "description": [
"refsource" : "MISC", {
"url" : "https://cert.vde.com/en-us/advisories/vde-2018-010" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/", ]
"refsource" : "MISC", }
"url" : "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/" ]
}, },
{ "references": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02", "reference_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02" "name": "https://cert.vde.com/en-us/advisories/vde-2018-010",
}, "refsource": "MISC",
{ "url": "https://cert.vde.com/en-us/advisories/vde-2018-010"
"name" : "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU", },
"refsource" : "CONFIRM", {
"url" : "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU" "name": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/",
} "refsource": "MISC",
] "url": "https://www.sec-consult.com/en/blog/advisories/remote-code-execution-via-multiple-attack-vectors-in-wago-edisplay/"
} },
} {
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-02"
},
{
"name": "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU",
"refsource": "CONFIRM",
"url": "https://www.wago.com/medias/SA-WBM-2018-004.pdf?context=bWFzdGVyfHJvb3R8MjgyNzYwfGFwcGxpY2F0aW9uL3BkZnxoMWUvaDg4LzkzNjE3NTIxOTUxMDIucGRmfDU1NmJkYjEzNDY0ZGU4OWQ1OTMyMjUwNTlmZTI0MzgwNDQ1MDY1YzU3OWRmZDk1NzYzODAwMDI3ODg1NDJlZjU"
},
{
"name": "45014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45014/"
},
{
"name": "20180711 SEC Consult SA-20180711-0 :: Remote code execution via multiple attack vectors in WAGO e!DISPLAY 7300T",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/38"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13205", "ID": "CVE-2018-13205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" "lang": "eng",
}, "value": "The sell function of a smart contract implementation for ohni_2 (OHNI), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Ohni"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13505", "ID": "CVE-2018-13505",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for ecogreenhouse, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ecogreenhouse", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ecogreenhouse" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ecogreenhouse",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ecogreenhouse"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13571", "ID": "CVE-2018-13571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for GoramCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoramCoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoramCoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoramCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GoramCoin"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13772", "ID": "CVE-2018-13772",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for TheFlashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheFlashToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheFlashToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheFlashToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheFlashToken"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16287", "ID": "CVE-2018-16287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html" "lang": "eng",
} "value": "LG SuperSign CMS allows file upload via signEzUI/playlist/edit/upload/..%2f URIs."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html",
"refsource": "MISC",
"url": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-16480", "ID": "CVE-2018-16480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "public", "product_name": "public",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<0.1.4" "version_value": "<0.1.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/329950", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/329950" "lang": "eng",
}, "value": "A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering."
{ }
"name" : "https://www.npmjs.com/package/public", ]
"refsource" : "MISC", },
"url" : "https://www.npmjs.com/package/public" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/329950",
"refsource": "MISC",
"url": "https://hackerone.com/reports/329950"
},
{
"name": "https://www.npmjs.com/package/public",
"refsource": "MISC",
"url": "https://www.npmjs.com/package/public"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17033", "ID": "CVE-2018-17033",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17105", "ID": "CVE-2018-17105",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17358", "ID": "CVE-2018-17358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23686", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23686" "lang": "eng",
} "value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23686",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23686"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17669", "ID": "CVE-2018-17669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Reader", "product_name": "Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6523."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1166/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1166/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of a XFA object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6523."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1166/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1166/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}