admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:25:59 +00:00
parent 9179ee6ed3
commit 57f9429e74
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4023 additions and 4023 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
2004/0xxx/CVE-2004-0575.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an \"unchecked buffer\" and improper length validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=109767342326300&w=2"
},
{
"name" : "MS04-034",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-034"
},
{
"name" : "VU#649374",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/649374"
},
{
"name" : "P-010",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-010.shtml"
},
{
"name" : "http://www.eeye.com/html/research/advisories/AD20041012A.html",
"refsource" : "MISC",
"url" : "http://www.eeye.com/html/research/advisories/AD20041012A.html"
},
{
"name" : "oval:org.mitre.oval:def:1053",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1053"
},
{
"name" : "oval:org.mitre.oval:def:3913",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3913"
},
{
"name" : "oval:org.mitre.oval:def:4276",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4276"
},
{
"name" : "oval:org.mitre.oval:def:6397",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6397"
},
{
"name" : "1011637",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011637"
},
{
"name" : "win-compressed-folders-bo(17624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17624"
},
{
"name" : "win-ms04034-patch(17659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17659"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an \"unchecked buffer\" and improper length validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1011637",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011637"
},
{
"name": "oval:org.mitre.oval:def:3913",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3913"
},
{
"name": "20041013 EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=109767342326300&w=2"
},
{
"name": "MS04-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-034"
},
{
"name": "P-010",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-010.shtml"
},
{
"name": "http://www.eeye.com/html/research/advisories/AD20041012A.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/advisories/AD20041012A.html"
},
{
"name": "oval:org.mitre.oval:def:4276",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4276"
},
{
"name": "oval:org.mitre.oval:def:1053",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1053"
},
{
"name": "VU#649374",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/649374"
},
{
"name": "win-compressed-folders-bo(17624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17624"
},
{
"name": "win-ms04034-patch(17659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17659"
},
{
"name": "oval:org.mitre.oval:def:6397",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6397"
}
]
}
}

268
2004/0xxx/CVE-2004-0835.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html"
},
{
"name" : "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html"
},
{
"name" : "CLA-2004:892",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892"
},
{
"name" : "DSA-562",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-562"
},
{
"name" : "GLSA-200410-22",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml"
},
{
"name" : "RHSA-2004:597",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-597.html"
},
{
"name" : "RHSA-2004:611",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-611.html"
},
{
"name" : "101864",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1"
},
{
"name" : "2004-0054",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0054/"
},
{
"name" : "http://bugs.mysql.com/bug.php?id=3270",
"refsource" : "MISC",
"url" : "http://bugs.mysql.com/bug.php?id=3270"
},
{
"name" : "http://lists.mysql.com/internals/13073",
"refsource" : "MISC",
"url" : "http://lists.mysql.com/internals/13073"
},
{
"name" : "P-018",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-018.shtml"
},
{
"name" : "12783",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12783/"
},
{
"name" : "1011606",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011606"
},
{
"name" : "11357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11357"
},
{
"name" : "mysql-alter-restriction-bypass(17666)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17666"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.mysql.com/bug.php?id=3270",
"refsource": "MISC",
"url": "http://bugs.mysql.com/bug.php?id=3270"
},
{
"name": "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html",
"refsource": "CONFIRM",
"url": "http://www.mysql.org/doc/refman/4.1/en/news-4-1-2.html"
},
{
"name": "RHSA-2004:611",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-611.html"
},
{
"name": "12783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12783/"
},
{
"name": "DSA-562",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-562"
},
{
"name": "101864",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1"
},
{
"name": "11357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11357"
},
{
"name": "CLA-2004:892",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892"
},
{
"name": "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html",
"refsource": "CONFIRM",
"url": "http://www.mysql.org/doc/refman/4.1/en/news-4-0-19.html"
},
{
"name": "mysql-alter-restriction-bypass(17666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17666"
},
{
"name": "RHSA-2004:597",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-597.html"
},
{
"name": "P-018",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-018.shtml"
},
{
"name": "GLSA-200410-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml"
},
{
"name": "2004-0054",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0054/"
},
{
"name": "http://lists.mysql.com/internals/13073",
"refsource": "MISC",
"url": "http://lists.mysql.com/internals/13073"
},
{
"name": "1011606",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011606"
}
]
}
}

148
2004/0xxx/CVE-2004-0992.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200411-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml"
},
{
"name" : "http://proxytunnel.sourceforge.net/news.html",
"refsource" : "CONFIRM",
"url" : "http://proxytunnel.sourceforge.net/news.html"
},
{
"name" : "11592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11592"
},
{
"name" : "proxytunnel-message-format-string(17945)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17945"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11592"
},
{
"name": "proxytunnel-message-format-string(17945)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17945"
},
{
"name": "GLSA-200411-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-07.xml"
},
{
"name": "http://proxytunnel.sourceforge.net/news.html",
"refsource": "CONFIRM",
"url": "http://proxytunnel.sourceforge.net/news.html"
}
]
}
}

128
2004/1xxx/CVE-2004-1255.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/2fax.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/2fax.txt"
},
{
"name" : "2fax-bpcx-bo(10901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10901"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tigger.uic.edu/~jlongs2/holes/2fax.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/2fax.txt"
},
{
"name": "2fax-bpcx-bo(10901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10901"
}
]
}
}

128
2004/1xxx/CVE-2004-1271.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt"
},
{
"name" : "dxfscope-dxfin-bo(18558)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18558"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dxfscope-dxfin-bo(18558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18558"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/dxfscope.txt"
}
]
}
}

178
2004/1xxx/CVE-2004-1368.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110382264415387&w=2"
},
{
"name" : "http://www.ngssoftware.com/advisories/oracle23122004E.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name" : "101782",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"name" : "TA04-245A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name" : "VU#435974",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/435974"
},
{
"name" : "10871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10871"
},
{
"name" : "oracle-isqlplus-file-access(18656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-isqlplus-file-access(18656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110382264415387&w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004E.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}

148
2004/1xxx/CVE-2004-1510.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041109 Multiple Vulnerabilities in WebCalendar",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110011618724455&w=2"
},
{
"name" : "11651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11651"
},
{
"name" : "13164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13164"
},
{
"name" : "webcalendar-scripts-gain-access(18030)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18030"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041109 Multiple Vulnerabilities in WebCalendar",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110011618724455&w=2"
},
{
"name": "webcalendar-scripts-gain-access(18030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18030"
},
{
"name": "11651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11651"
},
{
"name": "13164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13164"
}
]
}
}

128
2004/1xxx/CVE-2004-1591.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041012 Micronet wireless broadband router SP916BM admin password reset when power off",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109759963126161&w=2"
},
{
"name" : "micronet-router-password-reset(17697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17697"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "micronet-router-password-reset(17697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17697"
},
{
"name": "20041012 Micronet wireless broadband router SP916BM admin password reset when power off",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109759963126161&w=2"
}
]
}
}

158
2008/2xxx/CVE-2008-2443.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5610",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5610"
},
{
"name" : "29200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29200"
},
{
"name" : "ADV-2008-1524",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1524/references"
},
{
"name" : "30244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30244"
},
{
"name" : "therealestatescript-docid-sql-injection(42399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42399"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29200"
},
{
"name": "therealestatescript-docid-sql-injection(42399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42399"
},
{
"name": "5610",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5610"
},
{
"name": "30244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30244"
},
{
"name": "ADV-2008-1524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1524/references"
}
]
}
}

148
2008/2xxx/CVE-2008-2784.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.spamdyke.org/documentation/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://www.spamdyke.org/documentation/Changelog.txt"
},
{
"name" : "30408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30408"
},
{
"name" : "ADV-2008-1684",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1684/references"
},
{
"name" : "spamdyke-smtpfilter-security-bypass(42658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT commands and a second DATA command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1684",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1684/references"
},
{
"name": "30408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30408"
},
{
"name": "spamdyke-smtpfilter-security-bypass(42658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42658"
},
{
"name": "http://www.spamdyke.org/documentation/Changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
}
]
}
}

158
2008/3xxx/CVE-2008-3151.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080707 PHP-NUKE SQL Module's Name 4ndvddb",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name" : "30120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30120"
},
{
"name" : "30976",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30976"
},
{
"name" : "3986",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3986"
},
{
"name" : "4ndvddb-modules-sql-injection(43626)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30120"
},
{
"name": "4ndvddb-modules-sql-injection(43626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43626"
},
{
"name": "20080707 PHP-NUKE SQL Module's Name 4ndvddb",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494013/100/0/threaded"
},
{
"name": "3986",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3986"
},
{
"name": "30976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30976"
}
]
}
}

148
2008/3xxx/CVE-2008-3418.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6141",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6141"
},
{
"name" : "31244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31244"
},
{
"name" : "4077",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4077"
},
{
"name" : "trio-browse-sql-injection(44033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44033"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4077",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4077"
},
{
"name": "31244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31244"
},
{
"name": "trio-browse-sql-injection(44033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44033"
},
{
"name": "6141",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6141"
}
]
}
}

148
2008/3xxx/CVE-2008-3421.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ceaseless.ws/bb-csrf/",
"refsource" : "MISC",
"url" : "http://ceaseless.ws/bb-csrf/"
},
{
"name" : "1020559",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020559"
},
{
"name" : "31177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31177"
},
{
"name" : "blackboard-unspecified-csrf(43986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020559"
},
{
"name": "http://ceaseless.ws/bb-csrf/",
"refsource": "MISC",
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31177"
}
]
}
}

148
2008/3xxx/CVE-2008-3953.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6385",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6385"
},
{
"name" : "31039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31039"
},
{
"name" : "4232",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4232"
},
{
"name" : "shaadizone-keywordsearch-sql-injection(44947)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44947"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6385",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6385"
},
{
"name": "4232",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4232"
},
{
"name": "31039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31039"
},
{
"name": "shaadizone-keywordsearch-sql-injection(44947)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44947"
}
]
}
}

158
2008/3xxx/CVE-2008-3997.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-3997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name" : "33177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33177"
},
{
"name" : "ADV-2009-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name" : "1021561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021561"
},
{
"name" : "33525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33525"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect availability, related to SYS.DBMS_XSOQ_ODBO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name": "1021561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021561"
},
{
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}

498
2008/4xxx/CVE-2008-4101.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495662"
},
{
"name" : "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495703"
},
{
"name" : "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name" : "[oss-security] 20080911 Re: [oss-list] CVE request (vim)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/11/4"
},
{
"name" : "[oss-security] 20080911 [oss-list] CVE request (vim)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/11/3"
},
{
"name" : "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/16/5"
},
{
"name" : "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/16/6"
},
{
"name" : "[vim-dev] 20080903 Patch 7.2.010",
"refsource" : "MLIST",
"url" : "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010"
},
{
"name" : "[vim_dev] 20080824 Bug with v_K and potentially K command",
"refsource" : "MLIST",
"url" : "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33"
},
{
"name" : "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2"
},
{
"name" : "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2"
},
{
"name" : "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e"
},
{
"name" : "http://www.rdancer.org/vulnerablevim-K.html",
"refsource" : "MISC",
"url" : "http://www.rdancer.org/vulnerablevim-K.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=461927",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"name" : "http://support.apple.com/kb/HT3216",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3216"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2008-10-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "MDVSA-2008:236",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name" : "RHSA-2008:0617",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
},
{
"name" : "RHSA-2008:0580",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name" : "RHSA-2008:0618",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name" : "USN-712-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name" : "31681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31681"
},
{
"name" : "30795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30795"
},
{
"name" : "oval:org.mitre.oval:def:10894",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894"
},
{
"name" : "oval:org.mitre.oval:def:5812",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812"
},
{
"name" : "31592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31592"
},
{
"name" : "32858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32858"
},
{
"name" : "32864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32864"
},
{
"name" : "ADV-2008-2780",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name" : "ADV-2009-0033",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name" : "32222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32222"
},
{
"name" : "33410",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33410"
},
{
"name" : "ADV-2009-0904",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name" : "vim-normal-command-execution(44626)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a \";\" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) \"Ctrl-]\" (control close-square-bracket) or (3) \"g]\" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0004.html"
},
{
"name": "[vim-dev] 20080903 Patch 7.2.010",
"refsource": "MLIST",
"url": "http://ftp.vim.org/pub/vim/patches/7.2/7.2.010"
},
{
"name": "RHSA-2008:0618",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0618.html"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/5"
},
{
"name": "31592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31592"
},
{
"name": "20080825 RE: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495703"
},
{
"name": "USN-712-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-712-1"
},
{
"name": "[oss-security] 20080911 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/4"
},
{
"name": "oval:org.mitre.oval:def:10894",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10894"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "[oss-security] 20080915 Re: [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/6"
},
{
"name": "32858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32858"
},
{
"name": "33410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33410"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "RHSA-2008:0580",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0580.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-001.htm"
},
{
"name": "vim-normal-command-execution(44626)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44626"
},
{
"name": "ADV-2009-0904",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0904"
},
{
"name": "ADV-2009-0033",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0033"
},
{
"name": "20090401 VMSA-2009-0004 ESX Service Console updates for openssl, bind, and vim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded"
},
{
"name": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/attach/dd32ad3a84f36bb2/K-arbitrary-command-execution.patch?part=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=461927",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=461927"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-457.htm"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "30795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30795"
},
{
"name": "oval:org.mitre.oval:def:5812",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5812"
},
{
"name": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/attach/9290f26f9bc11b33/K-arbitrary-command-execution.patch.v3?part=2"
},
{
"name": "[oss-security] 20080911 [oss-list] CVE request (vim)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/11/3"
},
{
"name": "20080822 Vim: Arbitrary Code Execution in Commands: K, Control-], g]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495662"
},
{
"name": "MDVSA-2008:236",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:236"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "32864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32864"
},
{
"name": "[vim_dev] 20080824 Bug with v_K and potentially K command",
"refsource": "MLIST",
"url": "http://groups.google.com/group/vim_dev/msg/9290f26f9bc11b33"
},
{
"name": "http://www.rdancer.org/vulnerablevim-K.html",
"refsource": "MISC",
"url": "http://www.rdancer.org/vulnerablevim-K.html"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e",
"refsource": "MISC",
"url": "http://groups.google.com/group/vim_dev/browse_thread/thread/1434d0812b5c817e/6ad2d5b50a96668e"
},
{
"name": "RHSA-2008:0617",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0617.html"
}
]
}
}

198
2008/4xxx/CVE-2008-4473.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081015 Multiple Flash Authoring Heap Overflows - Malformed SWF Files",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497397/100/0/threaded"
},
{
"name" : "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf",
"refsource" : "MISC",
"url" : "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa08-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa08-09.html"
},
{
"name" : "31769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31769"
},
{
"name" : "ADV-2008-2837",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2837"
},
{
"name" : "1021060",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021060"
},
{
"name" : "32246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32246"
},
{
"name" : "4429",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4429"
},
{
"name" : "adobe-flash-cs3-bo(45914)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45914"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adobe-flash-cs3-bo(45914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45914"
},
{
"name": "1021060",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021060"
},
{
"name": "31769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31769"
},
{
"name": "20081015 Multiple Flash Authoring Heap Overflows - Malformed SWF Files",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497397/100/0/threaded"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa08-09.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa08-09.html"
},
{
"name": "ADV-2008-2837",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2837"
},
{
"name": "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf",
"refsource": "MISC",
"url": "http://security-assessment.com/files/advisories/2008-10-16_Multiple_Flash_Authoring_Heap_Overflows.pdf"
},
{
"name": "32246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32246"
},
{
"name": "4429",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4429"
}
]
}
}

148
2008/4xxx/CVE-2008-4531.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/315919",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/315919"
},
{
"name" : "31554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31554"
},
{
"name" : "32106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32106"
},
{
"name" : "brilliantgallery-unspecified-sql-injection(45637)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45637"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32106"
},
{
"name": "brilliantgallery-unspecified-sql-injection(45637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45637"
},
{
"name": "http://drupal.org/node/315919",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/315919"
},
{
"name": "31554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31554"
}
]
}
}

148
2008/6xxx/CVE-2008-6103.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt"
},
{
"name" : "31507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31507"
},
{
"name" : "32083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32083"
},
{
"name" : "a4deskeventcalendar-index-file-include(45553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45553"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in A4Desk Event Calendar, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the v parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "a4deskeventcalendar-index-file-include(45553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45553"
},
{
"name": "32083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32083"
},
{
"name": "31507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31507"
},
{
"name": "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0809-exploits/a4deskphp-rfi.txt"
}
]
}
}

138
2008/6xxx/CVE-2008-6518.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6259",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6259"
},
{
"name" : "30721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30721"
},
{
"name" : "vidiscript-avatar-file-upload(44525)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44525"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6259",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6259"
},
{
"name": "30721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30721"
},
{
"name": "vidiscript-avatar-file-upload(44525)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44525"
}
]
}
}

168
2008/6xxx/CVE-2008-6920.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7563",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7563"
},
{
"name" : "33000",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33000"
},
{
"name" : "50981",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50981"
},
{
"name" : "33268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33268"
},
{
"name" : "ADV-2008-3508",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3508"
},
{
"name" : "phpemployment-auth-file-upload(47592)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpemployment-auth-file-upload(47592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47592"
},
{
"name": "ADV-2008-3508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3508"
},
{
"name": "33268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33268"
},
{
"name": "33000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33000"
},
{
"name": "50981",
"refsource": "OSVDB",
"url": "http://osvdb.org/50981"
},
{
"name": "7563",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7563"
}
]
}
}

138
2008/6xxx/CVE-2008-6964.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7123",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7123"
},
{
"name" : "32309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32309"
},
{
"name" : "x7chat-login-sql-injection(46640)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46640"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7123",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7123"
},
{
"name": "x7chat-login-sql-injection(46640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46640"
},
{
"name": "32309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32309"
}
]
}
}

148
2008/7xxx/CVE-2008-7040.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080216 WordPress SQL Injection(wp-content-simple-forum)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488279"
},
{
"name" : "27854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27854"
},
{
"name" : "52210",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52210"
},
{
"name" : "simpleforum-sfprofile-sql-injection(41578)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41578"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080216 WordPress SQL Injection(wp-content-simple-forum)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488279"
},
{
"name": "52210",
"refsource": "OSVDB",
"url": "http://osvdb.org/52210"
},
{
"name": "simpleforum-sfprofile-sql-injection(41578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41578"
},
{
"name": "27854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27854"
}
]
}
}

138
2008/7xxx/CVE-2008-7203.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4856",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4856"
},
{
"name" : "27159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27159"
},
{
"name" : "counterstrike-unspecified-dos(39535)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39535"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4856",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4856"
},
{
"name": "27159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27159"
},
{
"name": "counterstrike-unspecified-dos(39535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39535"
}
]
}
}

368
2013/2xxx/CVE-2013-2443.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70"
},
{
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285",
"refsource" : "MISC",
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=975137",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=975137"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name" : "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02907",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name" : "MDVSA-2013:183",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name" : "RHSA-2013:0963",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name" : "RHSA-2013:1081",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "RHSA-2013:1059",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"name" : "RHSA-2014:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name" : "SUSE-SU-2013:1305",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"name" : "SUSE-SU-2013:1293",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"name" : "SUSE-SU-2013:1255",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name" : "SUSE-SU-2013:1257",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name" : "SUSE-SU-2013:1263",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"name" : "TA13-169A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name" : "60646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60646"
},
{
"name" : "oval:org.mitre.oval:def:17230",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17230"
},
{
"name" : "oval:org.mitre.oval:def:19299",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19299"
},
{
"name" : "54154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54154"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality via unknown vectors related to Libraries, a different vulnerability than CVE-2013-2452 and CVE-2013-2455. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is due to an incorrect \"checking order\" within the AccessControlContext class."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60646"
},
{
"name": "RHSA-2014:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2014:0414"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "oval:org.mitre.oval:def:17230",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17230"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
},
{
"name": "SUSE-SU-2013:1257",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
},
{
"name": "HPSBUX02907",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
},
{
"name": "54154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54154"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SUSE-SU-2013:1263",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html"
},
{
"name": "RHSA-2013:1059",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name": "SUSE-SU-2013:1293",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html"
},
{
"name": "RHSA-2013:1081",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1081.html"
},
{
"name": "TA13-169A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0185.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2013-0185.html"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/f6dce3552285"
},
{
"name": "RHSA-2013:0963",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
},
{
"name": "SUSE-SU-2013:1255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70",
"refsource": "MISC",
"url": "http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/0344da726f70"
},
{
"name": "MDVSA-2013:183",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:183"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name": "SUSE-SU-2013:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=975137",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=975137"
},
{
"name": "oval:org.mitre.oval:def:19299",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19299"
}
]
}
}

32
2013/2xxx/CVE-2013-2539.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2539",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2539",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2013/2xxx/CVE-2013-2924.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.icu-project.org/trac/ticket/10318",
"refsource" : "CONFIRM",
"url" : "http://bugs.icu-project.org/trac/ticket/10318"
},
{
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=275803",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=275803"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "DSA-2785",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2785"
},
{
"name" : "DSA-2786",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2786"
},
{
"name" : "openSUSE-SU-2013:1556",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2013:1861",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:0065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name" : "JVN#85336306",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN85336306/index.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "oval:org.mitre.oval:def:19017",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=275803",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=275803"
},
{
"name": "http://bugs.icu-project.org/trac/ticket/10318",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/ticket/10318"
},
{
"name": "openSUSE-SU-2014:0065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name": "DSA-2785",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2785"
},
{
"name": "openSUSE-SU-2013:1556",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name": "JVN#85336306",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85336306/index.html"
},
{
"name": "oval:org.mitre.oval:def:19017",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19017"
},
{
"name": "DSA-2786",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2786"
},
{
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=219151&view=revision"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

128
2013/6xxx/CVE-2013-6373.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20",
"refsource" : "MISC",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"
},
{
"name" : "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20",
"refsource": "MISC",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-11-20"
},
{
"name": "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/JENKINS/Exclusion-Plugin"
}
]
}
}

158
2017/11xxx/CVE-2017-11258.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-11258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
{
"version_value" : "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-11258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value": "2017.009.20058 and earlier"
},
{
"version_value": "2017.008.30051 and earlier"
},
{
"version_value": "2015.006.30306 and earlier"
},
{
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "100184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100184"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100184"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}
}

32
2017/11xxx/CVE-2017-11493.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11493",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11493",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

140
2017/11xxx/CVE-2017-11814.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Kernel",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Kernel",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814"
},
{
"name" : "101093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101093"
},
{
"name" : "1039526",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039526"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039526"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11814"
},
{
"name": "101093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101093"
}
]
}
}

32
2017/14xxx/CVE-2017-14776.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14776",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-14776",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

188
2017/15xxx/CVE-2017-15097.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-15097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql init script",
"version" : {
"version_data" : [
{
"version_value" : "all"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-59"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql init script",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"
},
{
"name" : "RHSA-2017:3402",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3402"
},
{
"name" : "RHSA-2017:3403",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3403"
},
{
"name" : "RHSA-2017:3404",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3404"
},
{
"name" : "RHSA-2017:3405",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"name" : "1039983",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039983"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:3402",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3402"
},
{
"name": "RHSA-2017:3403",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3403"
},
{
"name": "RHSA-2017:3405",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3405"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097"
},
{
"name": "1039983",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039983"
},
{
"name": "RHSA-2017:3404",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3404"
}
]
}
}

32
2017/15xxx/CVE-2017-15149.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15149",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15149",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/15xxx/CVE-2017-15233.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15233",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15233",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/15xxx/CVE-2017-15312.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-12-01T00:00:00",
"ID" : "CVE-2017-15312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SmartCare",
"version" : {
"version_data" : [
{
"version_value" : "V200R003C10"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-01T00:00:00",
"ID": "CVE-2017-15312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartCare",
"version": {
"version_data": [
{
"version_value": "V200R003C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-notices/huawei-sn-20171201-01-smartcare-en"
}
]
}
}

118
2017/15xxx/CVE-2017-15802.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77310000!LdrpResCompareResourceNames+0x0000000000000087.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15802"
}
]
}
}

170
2017/9xxx/CVE-2017-9267.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00.000Z",
"ID" : "CVE-2017-9267",
"STATE" : "PUBLIC",
"TITLE" : "eDirectory LDAP peer certificate validation issue"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "eDirectory",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "9.0.3.1"
}
]
}
}
]
},
"vendor_name" : "Novell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-757"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID": "CVE-2017-9267",
"STATE": "PUBLIC",
"TITLE": "eDirectory LDAP peer certificate validation issue"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "eDirectory",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "9.0.3.1"
}
]
}
}
]
},
"vendor_name": "Novell"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=7016794"
}
]
},
"source" : {
"advisory" : "7016794",
"defect" : [
"977754"
],
"discovery" : "INTERNAL"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictly enforcing cipher restrictions allowing weaker ciphers to be used during SSL BIND operations."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-757"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016794",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016794"
}
]
},
"source": {
"advisory": "7016794",
"defect": [
"977754"
],
"discovery": "INTERNAL"
}
}

128
2017/9xxx/CVE-2017-9340.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/166581",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/166581"
},
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-006",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/166581",
"refsource": "MISC",
"url": "https://hackerone.com/reports/166581"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2017-006"
}
]
}
}

118
2017/9xxx/CVE-2017-9770.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://warroom.securestate.com/cve-2017-9770/",
"refsource" : "MISC",
"url" : "https://warroom.securestate.com/cve-2017-9770/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse that can cause an out of bounds read operation to occur due to a field within the IOCTL data being used as a length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://warroom.securestate.com/cve-2017-9770/",
"refsource": "MISC",
"url": "https://warroom.securestate.com/cve-2017-9770/"
}
]
}
}

32
2018/0xxx/CVE-2018-0985.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0985",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0985",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/12xxx/CVE-2018-12189.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12216.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) Graphics Driver for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Graphics Driver for Windows",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}

32
2018/12xxx/CVE-2018-12444.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12444",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12444",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/12xxx/CVE-2018-12823.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Digital Editions",
"version" : {
"version_data" : [
{
"version_value" : "4.5.8 and below versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Digital Editions",
"version": {
"version_data": [
{
"version_value": "4.5.8 and below versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions versions 4.5.8 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html"
}
]
}
}

32
2018/12xxx/CVE-2018-12935.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12935",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12935",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/13xxx/CVE-2018-13792.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the monitoring feature in the HTTP API in ABBYY FlexiCapture before 12 Release 2 allow an attacker to execute arbitrary SQL commands via the mask, sortOrder, filter, or Order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf",
"refsource": "CONFIRM",
"url": "http://www.abbyydownloads.com/fc12/ReleaseNotes_FC12_R2_U6_1299.29_build_12.0.2.1420.pdf"
}
]
}
}

118
2018/16xxx/CVE-2018-16286.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html",
"refsource" : "MISC",
"url" : "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LG SuperSign CMS allows authentication bypass because the CAPTCHA requirement is skipped if a captcha:pass cookie is sent, and because the PIN is limited to four digits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html",
"refsource": "MISC",
"url": "http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html"
}
]
}
}

32
2018/16xxx/CVE-2018-16340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/16xxx/CVE-2018-16372.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/iechoo/ideacms/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/iechoo/ideacms/issues/1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/iechoo/ideacms/issues/1",
"refsource": "MISC",
"url": "https://github.com/iechoo/ideacms/issues/1"
}
]
}
}

146
2018/16xxx/CVE-2018-16555.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-16555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M",
"version" : {
"version_data" : [
{
"version_value" : "SCALANCE S602 : All versions < V4.0.1.1"
},
{
"version_value" : "SCALANCE S612 : All versions < V4.0.1.1"
},
{
"version_value" : "SCALANCE S623 : All versions < V4.0.1.1"
},
{
"version_value" : "SCALANCE S627-2M : All versions < V4.0.1.1"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-16555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE S602, SCALANCE S612, SCALANCE S623, SCALANCE S627-2M",
"version": {
"version_data": [
{
"version_value": "SCALANCE S602 : All versions < V4.0.1.1"
},
{
"version_value": "SCALANCE S612 : All versions < V4.0.1.1"
},
{
"version_value": "SCALANCE S623 : All versions < V4.0.1.1"
},
{
"version_value": "SCALANCE S627-2M : All versions < V4.0.1.1"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf"
},
{
"name" : "105937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105937"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf"
},
{
"name": "105937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105937"
}
]
}
}

118
2018/16xxx/CVE-2018-16724.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection",
"refsource" : "MISC",
"url" : "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection",
"refsource": "MISC",
"url": "https://github.com/xxy961216/attack-baijiacmsV4-with-blind-sql-injection"
}
]
}
}

210
2018/16xxx/CVE-2018-16841.json
View File

@ -1,108 +1,108 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-16841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samba",
"version" : {
"version_data" : [
{
"version_value" : "4.7.12"
},
{
"version_value" : "4.8.7"
},
{
"version_value" : "4.9.3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "4.7.12"
},
{
"version_value": "4.8.7"
},
{
"version_value": "4.9.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2018-16841.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2018-16841.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181127-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181127-0001/"
},
{
"name" : "DSA-4345",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4345"
},
{
"name" : "USN-3827-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3827-1/"
},
{
"name" : "USN-3827-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3827-2/"
},
{
"name" : "106023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106023"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.7/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106023"
},
{
"name": "USN-3827-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3827-2/"
},
{
"name": "USN-3827-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3827-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181127-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181127-0001/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16841"
},
{
"name": "DSA-4345",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4345"
},
{
"name": "https://www.samba.org/samba/security/CVE-2018-16841.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-16841.html"
}
]
}
}

32
2018/4xxx/CVE-2018-4719.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4719",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4719",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

136
2018/4xxx/CVE-2018-4853.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-07-03T00:00:00",
"ID" : "CVE-2018-4853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SICLOCK TC100, SICLOCK TC400",
"version" : {
"version_data" : [
{
"version_value" : "SICLOCK TC100 : All versions"
},
{
"version_value" : "SICLOCK TC400 : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-306: Missing Authentication for Critical Function"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-07-03T00:00:00",
"ID": "CVE-2018-4853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICLOCK TC100, SICLOCK TC400",
"version": {
"version_data": [
{
"version_value": "SICLOCK TC100 : All versions"
},
{
"version_value": "SICLOCK TC400 : All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
},
{
"name" : "104672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104672"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the firmware of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306: Missing Authentication for Critical Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104672"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
}
]
}
}

136
2018/4xxx/CVE-2018-4856.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-07-03T00:00:00",
"ID" : "CVE-2018-4856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SICLOCK TC100, SICLOCK TC400",
"version" : {
"version_data" : [
{
"version_value" : "SICLOCK TC100 : All versions"
},
{
"version_value" : "SICLOCK TC400 : All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287: Improper Authentication"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-07-03T00:00:00",
"ID": "CVE-2018-4856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICLOCK TC100, SICLOCK TC400",
"version": {
"version_data": [
{
"version_value": "SICLOCK TC100 : All versions"
},
{
"version_value": "SICLOCK TC400 : All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
},
{
"name" : "104672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104672"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with administrative access to the device's management interface could lock out legitimate users. Manual interaction is required to restore the access of legitimate users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104672"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
}
]
}
}

138
2018/4xxx/CVE-2018-4985.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104175",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104175"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
},
{
"name": "104175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104175"
}
]
}
}