"-Synchronized-Data."

CVE Team 2019-03-18 02:22:43 +00:00
parent 2a4ebeafc4
commit 5f6d84c100
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3904 additions and 3899 deletions


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0048", "ID": "CVE-2004-0048",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0094", "ID": "CVE-2004-0094",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CLSA-2004:824", "description_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824" "lang": "eng",
}, "value": "Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI)."
{ }
"name" : "DSA-443", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-443" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2004:152", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-152.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20040406-01-U", ]
"refsource" : "SGI", }
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U" ]
}, },
{ "references": {
"name" : "9701", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9701" "name": "DSA-443",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-443"
"name" : "xfree86-glx-integer-dos(15273)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273" "name": "20040406-01-U",
} "refsource": "SGI",
] "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
} },
} {
"name": "9701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9701"
},
{
"name": "RHSA-2004:152",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-152.html"
},
{
"name": "xfree86-glx-integer-dos(15273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15273"
},
{
"name": "CLSA-2004:824",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824"
}
]
}
}
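Review bot: The `reference_data` array in this section comes out in a different order on the new side (for example the `CLSA-2004:824` entry moves from first to last) while the set of six entries appears unchanged, so the reordering buries the key-spacing cleanup (`"ID" :` becoming `"ID":`) in churn. A reviewer cannot confirm from the line diff alone that no reference was dropped or altered; comparing the old and new arrays as sets of `name`/`refsource`/`url` triples is the reliable check. If the synchronisation tool can emit references in a stable order (for instance sorted by `refsource`, then `name`), later sync commits would show only real content changes. The same reordering appears in the CVE-2004-0181, CVE-2004-0194, CVE-2004-1444, CVE-2004-1494, CVE-2004-1997, CVE-2004-2244 and CVE-2008-2407 sections.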


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0181", "ID": "CVE-2004-0181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ESA-20040428-004", "description_data": [
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" "lang": "eng",
}, "value": "The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device."
{ }
"name" : "GLSA-200407-02", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2004:029", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:663", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html" ]
}, },
{ "references": {
"name" : "RHSA-2004:504", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" "name": "2004-0020",
}, "refsource": "TRUSTIX",
{ "url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2"
"name" : "2004-0020", },
"refsource" : "TRUSTIX", {
"url" : "http://marc.info/?l=bugtraq&m=108213675028441&w=2" "name": "oval:org.mitre.oval:def:10329",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10329"
"name" : "TLSA-2004-14", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.com/security/2004/TLSA-2004-14.txt" "name": "TLSA-2004-14",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.com/security/2004/TLSA-2004-14.txt"
"name" : "10143", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10143" "name": "17002",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17002"
"name" : "oval:org.mitre.oval:def:10329", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10329" "name": "10143",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10143"
"name" : "ADV-2005-1878", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1878" "name": "ESA-20040428-004",
}, "refsource": "ENGARDE",
{ "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
"name" : "17002", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17002" "name": "RHSA-2005:663",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-663.html"
"name" : "linux-jfs-info-disclosure(15902)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15902" "name": "ADV-2005-1878",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/1878"
} },
} {
"name": "linux-jfs-info-disclosure(15902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15902"
},
{
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name": "MDKSA-2004:029",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
},
{
"name": "GLSA-200407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0194", "ID": "CVE-2004-0194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107842545022724&w=2" "lang": "eng",
}, "value": "Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data."
{ }
"name" : "20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018227.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.nextgenss.com/advisories/adobexfdf.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/advisories/adobexfdf.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9802", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9802" ]
}, },
{ "references": {
"name" : "acrobatreader-xfdf-bo(15384)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15384" "name": "4135",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/4135"
"name" : "4135", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4135" "name": "9802",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/9802"
} },
} {
"name": "acrobatreader-xfdf-bo(15384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15384"
},
{
"name": "20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107842545022724&w=2"
},
{
"name": "20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018227.html"
},
{
"name": "http://www.nextgenss.com/advisories/adobexfdf.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/adobexfdf.txt"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1444", "ID": "CVE-2004-1444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.nl/0406-exploits/roundUP.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.nl/0406-exploits/roundUP.txt" "lang": "eng",
}, "value": "Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request."
{ }
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200408-09", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11801", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11801/" ]
}, },
{ "references": {
"name" : "1010415", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010415" "name": "1010415",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1010415"
"name" : "10495", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10495" "name": "10495",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10495"
"name" : "roundup-get-view-file(16350)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16350" "name": "roundup-get-view-file(16350)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16350"
} },
} {
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788"
},
{
"name": "11801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11801/"
},
{
"name": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt"
},
{
"name": "GLSA-200408-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1494", "ID": "CVE-2004-1494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041101 XDICT Buffer OverRun Vulnerability,funny :-)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109933696831725&w=2" "lang": "eng",
}, "value": "Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string."
{ }
"name" : "20041101 XDICT Buffer OverRun Vulnerability,funny :-)", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028241.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secway.org/Advisory/Ad20041026EN.txt", "description": [
"refsource" : "MISC", {
"url" : "http://secway.org/Advisory/Ad20041026EN.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "xdict-screen-fetch-bo(17929)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17929" ]
} },
] "references": {
} "reference_data": [
} {
"name": "xdict-screen-fetch-bo(17929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17929"
},
{
"name": "20041101 XDICT Buffer OverRun Vulnerability,funny :-)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109933696831725&w=2"
},
{
"name": "20041101 XDICT Buffer OverRun Vulnerability,funny :-)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028241.html"
},
{
"name": "http://secway.org/Advisory/Ad20041026EN.txt",
"refsource": "MISC",
"url": "http://secway.org/Advisory/Ad20041026EN.txt"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1997", "ID": "CVE-2004-1997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[kolab-users] 20040420 Possible Kolab LDAP configuration information disclosure", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html" "lang": "eng",
}, "value": "Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges."
{ }
"name" : "http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog", ]
"refsource" : "CONFIRM", },
"url" : "http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2004:052", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:052" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "OpenPKG-SA-2004.019", ]
"refsource" : "OPENPKG", }
"url" : "http://marc.info/?l=bugtraq&m=108377525924422&w=2" ]
}, },
{ "references": {
"name" : "10277", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10277" "name": "kolab-root-password-plaintext(16068)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16068"
"name" : "5898", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5898" "name": "MDKSA-2004:052",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:052"
"name" : "11560", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11560" "name": "OpenPKG-SA-2004.019",
}, "refsource": "OPENPKG",
{ "url": "http://marc.info/?l=bugtraq&m=108377525924422&w=2"
"name" : "kolab-root-password-plaintext(16068)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16068" "name": "10277",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10277"
} },
} {
"name": "11560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11560"
},
{
"name": "5898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5898"
},
{
"name": "http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog",
"refsource": "CONFIRM",
"url": "http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog"
},
{
"name": "[kolab-users] 20040420 Possible Kolab LDAP configuration information disclosure",
"refsource": "MLIST",
"url": "http://www.kolab.org/pipermail/kolab-users/2004-April/000215.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2244", "ID": "CVE-2004-2244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf" "lang": "eng",
}, "value": "The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD."
{ }
"name" : "9703", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9703" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4011", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4011" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10936", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/10936" ]
}, },
{ "references": {
"name" : "oracle-soap-dos(15270)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270" "name": "10936",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/10936"
} },
} {
"name": "oracle-soap-dos(15270)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15270"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"
},
{
"name": "9703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9703"
},
{
"name": "4011",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4011"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2407", "ID": "CVE-2008-2407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080521 ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492433/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian before 3.1.10.0 allows user-assisted remote attackers to execute arbitrary code via a long attribute value in a FONT tag in a message."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-029/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-029/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29330", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1622", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1622" ]
}, },
{ "references": {
"name" : "1020104", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020104" "name": "1020104",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020104"
"name" : "30336", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30336" "name": "trillian-aimdll-bo(42582)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42582"
"name" : "trillian-aimdll-bo(42582)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42582" "name": "ADV-2008-1622",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1622"
} },
} {
"name": "29330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29330"
},
{
"name": "30336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30336"
},
{
"name": "20080521 ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492433/100/0/threaded"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-029/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-029/"
}
]
}
}


@ -1,257 +1,257 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2664", "ID": "CVE-2008-2664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080626 rPSA-2008-0206-1 ruby", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493688/100/0/threaded" "lang": "eng",
}, "value": "The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."
{ }
"name" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", ]
"refsource" : "MISC", },
"url" : "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", ]
"refsource" : "MISC", }
"url" : "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/" ]
}, },
{ "references": {
"name" : "http://www.ruby-forum.com/topic/157034", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.ruby-forum.com/topic/157034" "name": "SUSE-SR:2008:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", },
"refsource" : "MISC", {
"url" : "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html" "name": "http://support.apple.com/kb/HT2163",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT2163"
"name" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", },
"refsource" : "MISC", {
"url" : "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html" "name": "31090",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31090"
"name" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", },
"refsource" : "CONFIRM", {
"url" : "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/" "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities",
}, "refsource": "MISC",
{ "url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities"
"name" : "http://support.apple.com/kb/HT2163", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT2163" "name": "MDVSA-2008:141",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206" "name": "30875",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30875"
"name" : "https://issues.rpath.com/browse/RPL-2626", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2626" "name": "ruby-rbstrformat-code-execution(43348)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348"
"name" : "APPLE-SA-2008-06-30", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" "name": "ADV-2008-1981",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1981/references"
"name" : "DSA-1612", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1612" "name": "ADV-2008-1907",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1907/references"
"name" : "DSA-1618", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1618" "name": "DSA-1618",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1618"
"name" : "FEDORA-2008-5649", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html" "name": "31687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31687"
"name" : "GLSA-200812-17", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" "name": "30894",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30894"
"name" : "MDVSA-2008:140", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140" "name": "31062",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31062"
"name" : "MDVSA-2008:141", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141" "name": "31256",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31256"
"name" : "MDVSA-2008:142", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142" "name": "20080626 rPSA-2008-0206-1 ruby",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded"
"name" : "RHSA-2008:0561", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0561.html" "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/",
}, "refsource": "MISC",
{ "url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/"
"name" : "SSA:2008-179-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562" "name": "SSA:2008-179-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562"
"name" : "SUSE-SR:2008:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" "name": "APPLE-SA-2008-06-30",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
"name" : "USN-621-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-621-1" "name": "1020347",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020347"
"name" : "29903", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29903" "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html",
}, "refsource": "MISC",
{ "url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html"
"name" : "oval:org.mitre.oval:def:9646", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206"
"name" : "ADV-2008-1907", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1907/references" "name": "FEDORA-2008-5649",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html"
"name" : "ADV-2008-1981", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1981/references" "name": "MDVSA-2008:140",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140"
"name" : "1020347", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020347" "name": "30802",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30802"
"name" : "30831", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30831" "name": "30831",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30831"
"name" : "30802", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30802" "name": "oval:org.mitre.oval:def:9646",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9646"
"name" : "31062", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31062" "name": "RHSA-2008:0561",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html"
"name" : "31090", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31090" "name": "https://issues.rpath.com/browse/RPL-2626",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2626"
"name" : "31181", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31181" "name": "DSA-1612",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1612"
"name" : "31256", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31256" "name": "GLSA-200812-17",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
"name" : "31687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31687" "name": "33178",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33178"
"name" : "30867", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30867" "name": "29903",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29903"
"name" : "30875", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30875" "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html",
}, "refsource": "MISC",
{ "url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html"
"name" : "30894", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30894" "name": "30867",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30867"
"name" : "33178", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33178" "name": "MDVSA-2008:142",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142"
"name" : "ruby-rbstrformat-code-execution(43348)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43348" "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/",
} "refsource": "CONFIRM",
] "url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/"
} },
} {
"name": "http://www.ruby-forum.com/topic/157034",
"refsource": "MISC",
"url": "http://www.ruby-forum.com/topic/157034"
},
{
"name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/",
"refsource": "MISC",
"url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/"
},
{
"name": "USN-621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-621-1"
},
{
"name": "31181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31181"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2794", "ID": "CVE-2008-2794",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the GUI in Symantec Altiris Notification Server Agent 6.x before 6.0 SP3 R8 allows local users to gain privileges via unknown attack vectors."
{ }
"name" : "29708", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29708" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1861", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1861/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020304", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020304" ]
}, },
{ "references": {
"name" : "30741", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30741" "name": "30741",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30741"
"name" : "symantec-ans-agent-privilege-escalation(43154)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43154" "name": "ADV-2008-1861",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1861/references"
} },
} {
"name": "29708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29708"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.06.17.html"
},
{
"name": "1020304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020304"
},
{
"name": "symantec-ans-agent-privilege-escalation(43154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43154"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2914", "ID": "CVE-2008-2914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080615 PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493374/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "5807", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5807" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29713", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29713" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30686", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30686" ]
}, },
{ "references": {
"name" : "phpjobwebsitepro-jobsearch3-sql-injection(43092)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43092" "name": "30686",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30686"
} },
} {
"name": "5807",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5807"
},
{
"name": "phpjobwebsitepro-jobsearch3-sql-injection(43092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43092"
},
{
"name": "29713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29713"
},
{
"name": "20080615 PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493374/100/0/threaded"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3157", "ID": "CVE-2008-3157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.voipshield.com/research-details.php?id=61", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.voipshield.com/research-details.php?id=61" "lang": "eng",
}, "value": "Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit the number of concurrent sessions, which allows attackers to cause a denial of service (resource consumption) via a large number of sessions."
{ }
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738961", ]
"refsource" : "CONFIRM", },
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738961" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1942", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1942/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020371", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020371" ]
}, },
{ "references": {
"name" : "30854", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30854" "name": "30854",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30854"
"name" : "nortel-sip-connection-handling-dos(43364)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43364" "name": "1020371",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1020371"
} },
} {
"name": "ADV-2008-1942",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1942/references"
},
{
"name": "nortel-sip-connection-handling-dos(43364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43364"
},
{
"name": "http://www.voipshield.com/research-details.php?id=61",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=61"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738961",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738961"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3167", "ID": "CVE-2008-3167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6024", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6024" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin."
{ }
"name" : "30136", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30136" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30981", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30981" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30995", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30995" ]
}, },
{ "references": {
"name" : "3993", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3993" "name": "30995",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30995"
"name" : "dolphin-multiple-file-include(43647)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43647" "name": "6024",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6024"
} },
} {
"name": "30136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30136"
},
{
"name": "30981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30981"
},
{
"name": "3993",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3993"
},
{
"name": "dolphin-multiple-file-include(43647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43647"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3573", "ID": "CVE-2008-3573",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.rooksecurity.com/blog/?p=17", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.rooksecurity.com/blog/?p=17" "lang": "eng",
}, "value": "The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string."
{ }
"name" : "30518", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pligg-captcha-security-bypass(44192)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44192" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "pligg-captcha-security-bypass(44192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44192"
},
{
"name": "http://www.rooksecurity.com/blog/?p=17",
"refsource": "MISC",
"url": "http://www.rooksecurity.com/blog/?p=17"
},
{
"name": "30518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30518"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3644", "ID": "CVE-2008-3644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3298", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3298" "lang": "eng",
}, "value": "Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache."
{ }
"name" : "http://support.apple.com/kb/HT3318", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3318" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2008-11-13", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2008-11-20", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html" ]
}, },
{ "references": {
"name" : "32291", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32291" "name": "APPLE-SA-2008-11-13",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
"name" : "1021226", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021226" "name": "APPLE-SA-2008-11-20",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
"name" : "32706", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32706" "name": "ADV-2008-3232",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3232"
"name" : "ADV-2008-3232", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3232" "name": "32706",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32706"
"name" : "32756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32756" "name": "32291",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/32291"
} },
} {
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021226",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021226"
},
{
"name": "http://support.apple.com/kb/HT3298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3955", "ID": "CVE-2008-3955",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6395", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6395" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page."
{ }
"name" : "http://bugreport.ir/index_52.htm", ]
"refsource" : "MISC", },
"url" : "http://bugreport.ir/index_52.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31046", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31046" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2509", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2509" ]
}, },
{ "references": {
"name" : "4234", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4234" "name": "http://bugreport.ir/index_52.htm",
}, "refsource": "MISC",
{ "url": "http://bugreport.ir/index_52.htm"
"name" : "masircamp-index-sql-injection(44933)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44933" "name": "4234",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4234"
} },
} {
"name": "ADV-2008-2509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2509"
},
{
"name": "masircamp-index-sql-injection(44933)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44933"
},
{
"name": "6395",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6395"
},
{
"name": "31046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31046"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6542", "ID": "CVE-2008-6542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform \"server-side execution of application logic\" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx" "lang": "eng",
}, "value": "Unspecified vulnerability in the Skin Manager in DotNetNuke before 4.8.2 allows remote authenticated administrators to perform \"server-side execution of application logic\" by uploading a static file that is converted into a dynamic script via unknown vectors related to HTM or HTML files."
{ }
"name" : "28438", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28438" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "43721", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/43721" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29488", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29488" ]
}, },
{ "references": {
"name" : "dotnetnuke-skinmanager-unspecified(49767)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767" "name": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx",
} "refsource": "CONFIRM",
] "url": "http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno13/tabid/1149/Default.aspx"
} },
} {
"name": "dotnetnuke-skinmanager-unspecified(49767)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49767"
},
{
"name": "29488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29488"
},
{
"name": "28438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28438"
},
{
"name": "43721",
"refsource": "OSVDB",
"url": "http://osvdb.org/43721"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6849", "ID": "CVE-2008-6849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7561", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7561" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php."
{ }
"name" : "32995", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32995" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50988", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50988" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33304", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33304" ]
}, },
{ "references": {
"name" : "ADV-2008-3510", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3510" "name": "7561",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7561"
"name" : "phpgreetcards-index-file-upload(47591)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47591" "name": "50988",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/50988"
} },
} {
"name": "32995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32995"
},
{
"name": "33304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33304"
},
{
"name": "ADV-2008-3510",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3510"
},
{
"name": "phpgreetcards-index-file-upload(47591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47591"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6867", "ID": "CVE-2008-6867",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6919", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6919" "lang": "eng",
}, "value": "SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter."
{ }
"name" : "32037", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32037" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49486", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49486" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32527", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32527" ]
}, },
{ "references": {
"name" : "ezcareer-content-sql-injection(46275)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46275" "name": "ezcareer-content-sql-injection(46275)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46275"
} },
} {
"name": "49486",
"refsource": "OSVDB",
"url": "http://osvdb.org/49486"
},
{
"name": "32527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32527"
},
{
"name": "6919",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6919"
},
{
"name": "32037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32037"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6910", "ID": "CVE-2008-6910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/348295", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/348295" "lang": "eng",
}, "value": "Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for Drupal, does not use timeouts for signed requests, which allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request."
{ }
"name" : "32894", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32894" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50743", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50743" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "services-timeout-security-bypass(52441)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441" ]
} },
] "references": {
} "reference_data": [
} {
"name": "50743",
"refsource": "OSVDB",
"url": "http://osvdb.org/50743"
},
{
"name": "services-timeout-security-bypass(52441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52441"
},
{
"name": "32894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32894"
},
{
"name": "http://drupal.org/node/348295",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/348295"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7209", "ID": "CVE-2008-7209",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080107 OneCMS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485837/100/200/threaded" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in the add2 action in a_upload.php in OneCMS 2.4, and possibly earlier, allows remote attackers to execute arbitrary code by uploading a file with an executable extension and using a safe content type such as image/gif, then accessing it via a direct request to the file in an unspecified directory."
{ }
"name" : "20080126 Re: OneCMS Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/487136/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4857", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4857" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.bugreport.ir/index_26.htm", ]
"refsource" : "MISC", }
"url" : "http://www.bugreport.ir/index_26.htm" ]
}, },
{ "references": {
"name" : "http://sourceforge.net/forum/forum.php?forum_id=774946", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/forum/forum.php?forum_id=774946" "name": "http://www.bugreport.ir/index_26.htm",
}, "refsource": "MISC",
{ "url": "http://www.bugreport.ir/index_26.htm"
"name" : "27158", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27158" "name": "20080107 OneCMS Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/485837/100/200/threaded"
"name" : "51117", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51117" "name": "http://sourceforge.net/forum/forum.php?forum_id=774946",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/forum/forum.php?forum_id=774946"
"name" : "ADV-2008-0081", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0081" "name": "ADV-2008-0081",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0081"
"name" : "onecms-aupload-file-upload(39485)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39485" "name": "20080126 Re: OneCMS Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/487136/100/200/threaded"
} },
} {
"name": "51117",
"refsource": "OSVDB",
"url": "http://osvdb.org/51117"
},
{
"name": "27158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27158"
},
{
"name": "4857",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4857"
},
{
"name": "onecms-aupload-file-upload(39485)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39485"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7315", "ID": "CVE-2008-7315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20151008 Re: CVE request - perl library UI:Dialog 1.09 - shell escaping vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/10/08/6" "lang": "eng",
}, "value": "UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands."
{ }
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://rt.cpan.org/Public/Bug/Display.html?id=107364", "description": [
"refsource" : "CONFIRM", {
"url" : "https://rt.cpan.org/Public/Bug/Display.html?id=107364" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://security-tracker.debian.org/tracker/CVE-2008-7315/", ]
"refsource" : "CONFIRM", }
"url" : "https://security-tracker.debian.org/tracker/CVE-2008-7315/" ]
}, },
{ "references": {
"name" : "77031", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/77031/info" "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448",
} "refsource": "CONFIRM",
] "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496448"
} },
} {
"name": "https://security-tracker.debian.org/tracker/CVE-2008-7315/",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2008-7315/"
},
{
"name": "77031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77031/info"
},
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=107364",
"refsource": "CONFIRM",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=107364"
},
{
"name": "[oss-security] 20151008 Re: CVE request - perl library UI:Dialog 1.09 - shell escaping vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/08/6"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5665", "ID": "CVE-2012-5665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121221 CVE request: ownCloud", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/12/22/2" "lang": "eng",
}, "value": "ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file."
{ }
"name" : "[oss-security] 20121221 Re: CVE request: ownCloud", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/12/22/5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://owncloud.org/changelog/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/changelog/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/owncloud/core/commit/c4ecbad", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/owncloud/core/commit/c4ecbad" ]
}, },
{ "references": {
"name" : "https://github.com/owncloud/core/commit/db7ca53", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/owncloud/core/commit/db7ca53" "name": "https://github.com/owncloud/core/commit/c4ecbad",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/owncloud/core/commit/c4ecbad"
"name" : "57030", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57030" "name": "57030",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57030"
"name" : "51614", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51614" "name": "https://github.com/owncloud/core/commit/db7ca53",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/owncloud/core/commit/db7ca53"
"name" : "owncloud-settings-sec-bypass(80808)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808" "name": "[oss-security] 20121221 Re: CVE request: ownCloud",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/12/22/5"
} },
} {
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "51614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51614"
},
{
"name": "owncloud-settings-sec-bypass(80808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80808"
},
{
"name": "[oss-security] 20121221 CVE request: ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/2"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2262", "ID": "CVE-2013-2262",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2756", "ID": "CVE-2013-2756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E" "lang": "eng",
}, "value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
{ }
"name" : "http://support.citrix.com/article/CTX135815", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/article/CTX135815" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "59463", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59463" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "92748", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/92748" ]
}, },
{ "references": {
"name" : "1028473", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028473" "name": "cloudstack-cve20132756-sec-bypass(83781)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
"name" : "53175", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53175" "name": "http://support.citrix.com/article/CTX135815",
}, "refsource": "CONFIRM",
{ "url": "http://support.citrix.com/article/CTX135815"
"name" : "53204", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53204" "name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
}, "refsource": "MLIST",
{ "url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
"name" : "cloudstack-cve20132756-sec-bypass(83781)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781" "name": "92748",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/92748"
} },
} {
"name": "59463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59463"
},
{
"name": "1028473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "53204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53204"
},
{
"name": "53175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53175"
}
]
}
}


@ -61,6 +61,11 @@
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-en",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-en" "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-en"
},
{
"refsource": "CONFIRM",
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-EN",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-EN"
} }
] ]
} }
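Review bot: The object appended to `reference_data` repeats the existing CONFIRM entry, and its `name` and `url` differ only in the case of the trailing `-EN` versus `-en`. If both URLs resolve to the same Huawei advisory, this is a duplicate reference, and tools that deduplicate or count references by exact URL string will treat it as a second, independent vendor confirmation. I would drop the added object so the array keeps only the `-en` entry, or replace the old entry if the upper-case form is the canonical one. The new object also lists `refsource` before `name`, unlike every other entry, which is harmless to parsers but makes diffs noisier. The hunk starts at line 61, so the record's ID is not visible here.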


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11065", "ID": "CVE-2017-11065",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"DATE_PUBLIC" : "2017-07-31T00:00:00", "DATE_PUBLIC": "2017-07-31T00:00:00",
"ID" : "CVE-2017-11152", "ID": "CVE-2017-11152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology Photo Station", "product_name": "Synology Photo Station",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 6.7.3-3432 and 6.3-2967" "version_value": "before 6.7.3-3432 and 6.3-2967"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42434", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42434/" "lang": "eng",
}, "value": "Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter."
{ }
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation", ]
"refsource" : "CONFIRM", },
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_34_PhotoStation"
},
{
"name": "42434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42434/"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11215", "ID": "CVE-2017-11215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 27.0.0.183 and earlier versions", "product_name": "Adobe Flash Player 27.0.0.183 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 27.0.0.183 and earlier versions" "version_value": "Adobe Flash Player 27.0.0.183 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "GLSA-201711-13", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201711-13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:3222", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3222" "lang": "eng",
}, "value": "Use After Free"
{ }
"name" : "101837", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/101837" ]
}, },
{ "references": {
"name" : "1039778", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039778" "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html",
} "refsource": "CONFIRM",
] "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
} },
} {
"name": "RHSA-2017:3222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3222"
},
{
"name": "GLSA-201711-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-13"
},
{
"name": "101837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101837"
},
{
"name": "1039778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039778"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11721", "ID": "CVE-2017-11721",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1" "lang": "eng",
}, "value": "Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet."
{ }
"name" : "DSA-3941", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3941" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3948", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3948" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-3941",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3941"
},
{
"name": "https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1",
"refsource": "MISC",
"url": "https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1"
},
{
"name": "DSA-3948",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3948"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11925", "ID": "CVE-2017-11925",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14243", "ID": "CVE-2017-14243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42739", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42739/" "lang": "eng",
}, "value": "An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi."
{ }
"name" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass", ]
"refsource" : "MISC", },
"url" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass",
"refsource": "MISC",
"url": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass"
},
{
"name": "42739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42739/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14507", "ID": "CVE-2017-14507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42794", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42794/" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/8921", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/8921" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42794",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42794/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8921",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8921"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14607", "ID": "CVE-2017-14607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/765", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/765" "lang": "eng",
}, "value": "In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
{ }
"name" : "DSA-4032", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2017/dsa-4032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4040", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4040" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3681-1/" ]
}, },
{ "references": {
"name" : "100944", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100944" "name": "DSA-4040",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2017/dsa-4040"
} },
} {
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "DSA-4032",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4032"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/765",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/765"
},
{
"name": "100944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100944"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15042", "ID": "CVE-2017-15042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/golang/go/issues/22134", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/golang/go/issues/22134" "lang": "eng",
}, "value": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password."
{ }
"name" : "https://golang.org/cl/68023", ]
"refsource" : "CONFIRM", },
"url" : "https://golang.org/cl/68023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://golang.org/cl/68210", "description": [
"refsource" : "CONFIRM", {
"url" : "https://golang.org/cl/68210" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ", ]
"refsource" : "CONFIRM", }
"url" : "https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ" ]
}, },
{ "references": {
"name" : "GLSA-201710-23", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-23" "name": "RHSA-2017:3463",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3463"
"name" : "RHSA-2017:3463", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3463" "name": "RHSA-2018:0878",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0878"
"name" : "RHSA-2018:0878", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0878" "name": "101197",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101197"
"name" : "101197", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101197" "name": "https://golang.org/cl/68210",
} "refsource": "CONFIRM",
] "url": "https://golang.org/cl/68210"
} },
} {
"name": "https://golang.org/cl/68023",
"refsource": "CONFIRM",
"url": "https://golang.org/cl/68023"
},
{
"name": "https://github.com/golang/go/issues/22134",
"refsource": "CONFIRM",
"url": "https://github.com/golang/go/issues/22134"
},
{
"name": "GLSA-201710-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-23"
},
{
"name": "https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ",
"refsource": "CONFIRM",
"url": "https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15240", "ID": "CVE-2017-15240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15240", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15240" "lang": "eng",
} "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlParserInputRead+0x0000000000132cef.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15240",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15240"
}
]
}
}


@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2017-09-14T00:00:00", "DATE_PUBLIC": "2017-09-14T00:00:00",
"ID" : "CVE-2017-8013", "ID": "CVE-2017-8013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EMC Data Protection Advisor", "product_name": "EMC Data Protection Advisor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.3.x" "version_value": "6.3.x"
}, },
{ {
"version_value" : "6.4.x" "version_value": "6.4.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: \"Apollo System Test\", \"emc.dpa.agent.logon\" and \"emc.dpa.metrics.logon\". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hardcoded Password Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170914 ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Sep/36" "lang": "eng",
}, "value": "EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: \"Apollo System Test\", \"emc.dpa.agent.logon\" and \"emc.dpa.metrics.logon\". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges)."
{ }
"name" : "100846", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100846" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039370", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039370" "lang": "eng",
} "value": "Hardcoded Password Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039370"
},
{
"name": "20170914 ESA-2017-098: EMC Data Protection Advisor Hardcoded Password Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/36"
},
{
"name": "100846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100846"
}
]
}
}


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8120", "ID": "CVE-2017-8120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "UMA", "product_name": "UMA",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V200R001 and V300R001" "version_value": "V200R001 and V300R001"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilege elevation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" "lang": "eng",
} "value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8564", "ID": "CVE-2017-8564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", "product_name": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows kernel" "version_value": "Windows kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka \"Windows Kernel Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42338", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42338/" "lang": "eng",
}, "value": "Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka \"Windows Kernel Information Disclosure Vulnerability\"."
{ }
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8564", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8564" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99428", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99428" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1038853", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038853" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8564",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8564"
},
{
"name": "42338",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42338/"
},
{
"name": "1038853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038853"
},
{
"name": "99428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99428"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8586", "ID": "CVE-2017-8586",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00", "DATE_PUBLIC": "2017-09-12T00:00:00",
"ID" : "CVE-2017-8720", "ID": "CVE-2017-8720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows graphics component", "product_name": "Windows graphics component",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8675."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720" "lang": "eng",
}, "value": "The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8675."
{ }
"name" : "100804", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039325", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039325" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039325"
},
{
"name": "100804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100804"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8720"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-09-29T00:00:00", "DATE_PUBLIC": "2017-09-29T00:00:00",
"ID" : "CVE-2017-9797", "ID": "CVE-2017-9797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Geode", "product_name": "Apache Geode",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0" "version_value": "1.0.0"
}, },
{ {
"version_value" : "1.1.0" "version_value": "1.1.0"
}, },
{ {
"version_value" : "1.1.1" "version_value": "1.1.1"
}, },
{ {
"version_value" : "1.2.0" "version_value": "1.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control error"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[geode-user] 20170929 [SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA@mail.gmail.com%3e" "lang": "eng",
} "value": "When an Apache Geode cluster before v1.2.1 is operating in secure mode, an unauthenticated client can enter multi-user authentication mode and send metadata messages. These metadata operations could leak information about application data types. In addition, an attacker could perform a denial of service attack on the cluster."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[geode-user] 20170929 [SECURITY] CVE-2017-9797 Apache Geode client/server authentication vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/geode-user/201709.mbox/%3cCAEwge-Hrbb7JS8Nygrh7geyFvW4bMZ3AdCmPOzMfvbniipz0bA@mail.gmail.com%3e"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-1000673", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-1000673",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000773. Reason: This candidate is a reservation duplicate of CVE-2018-1000773. Notes: All CVE users should reference CVE-2018-1000773 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000773. Reason: This candidate is a reservation duplicate of CVE-2018-1000773. Notes: All CVE users should reference CVE-2018-1000773 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00", "DATE_PUBLIC": "2019-03-12T00:00:00",
"ID" : "CVE-2018-12220", "ID": "CVE-2018-12220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) Graphics Driver for Windows", "product_name": "Intel(R) Graphics Driver for Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Multiple versions." "version_value": "Multiple versions."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html" "lang": "eng",
} "value": "Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12565", "ID": "CVE-2018-12565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14" "lang": "eng",
}, "value": "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur."
{ }
"name" : "DSA-4234", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4234" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4234",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4234"
},
{
"name": "https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14",
"refsource": "CONFIRM",
"url": "https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12578", "ID": "CVE-2018-12578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180810 [SECURITY] [DLA 1463-1] sam2p security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html" "lang": "eng",
}, "value": "There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact."
{ }
"name" : "https://github.com/pts/sam2p/issues/39", ]
"refsource" : "MISC", },
"url" : "https://github.com/pts/sam2p/issues/39" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180810 [SECURITY] [DLA 1463-1] sam2p security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html"
},
{
"name": "https://github.com/pts/sam2p/issues/39",
"refsource": "MISC",
"url": "https://github.com/pts/sam2p/issues/39"
}
]
}
}


@ -1,74 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"ID" : "CVE-2018-16091", "ID": "CVE-2018-16091",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "System Management Module Vulnerabilities" "TITLE": "System Management Module Vulnerabilities"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ThinkSystem SMM", "product_name": "ThinkSystem SMM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "1.06" "version_value": "1.06"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Lenovo" "vendor_name": "Lenovo"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24374", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24374" "lang": "eng",
} "value": "In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows."
] }
}, ]
"solution" : [ },
{ "problemtype": {
"lang" : "eng", "problemtype_data": [
"value" : "Update SMM firmware" {
} "description": [
], {
"source" : { "lang": "eng",
"advisory" : "LEN-24374", "value": "Privilege escalation"
"discovery" : "INTERNAL" }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24374",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24374"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update SMM firmware"
}
],
"source": {
"advisory": "LEN-24374",
"discovery": "INTERNAL"
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16161", "ID": "CVE-2018-16161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OpenDolphin", "product_name": "OpenDolphin",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.7.0 and earlier" "version_value": "2.7.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Life Sciences Computing Corporation" "vendor_name": "Life Sciences Computing Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opendolphin.com/security20181023.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.opendolphin.com/security20181023.html" "lang": "eng",
}, "value": "OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations."
{ }
"name" : "JVN#59394343", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN59394343/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#59394343",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59394343/index.html"
},
{
"name": "http://www.opendolphin.com/security20181023.html",
"refsource": "MISC",
"url": "http://www.opendolphin.com/security20181023.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-16476", "ID": "CVE-2018-16476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "https://github.com/rails/rails", "product_name": "https://github.com/rails/rails",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1" "version_value": "4.2.11, 5.0.7.1, 5.1.6.1, 5.2.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control - Generic (CWE-284)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ", "description_data": [
"refsource" : "MISC", {
"url" : "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ" "lang": "eng",
}, "value": "A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have."
{ }
"name" : "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", ]
"refsource" : "MISC", },
"url" : "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Access Control - Generic (CWE-284)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ"
},
{
"name": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/",
"refsource": "MISC",
"url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16629", "ID": "CVE-2018-16629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf" "lang": "eng",
} "value": "panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-16629/blob/master/subrion_cms.pdf"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16719", "ID": "CVE-2018-16719",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4222", "ID": "CVE-2018-4222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44859", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44859/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation."
{ }
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1545", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208848", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208848" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208850", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208850" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT208851", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208851" "name": "https://support.apple.com/HT208850",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208850"
"name" : "https://support.apple.com/HT208852", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208852" "name": "44859",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/44859/"
"name" : "https://support.apple.com/HT208853", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208853" "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1545",
}, "refsource": "MISC",
{ "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1545"
"name" : "https://support.apple.com/HT208854", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208854" "name": "https://support.apple.com/HT208853",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208853"
"name" : "GLSA-201808-04", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201808-04" "name": "https://support.apple.com/HT208851",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208851"
"name" : "USN-3687-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3687-1/" "name": "GLSA-201808-04",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201808-04"
"name" : "1041029", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041029" "name": "https://support.apple.com/HT208854",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208854"
} },
} {
"name": "1041029",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041029"
},
{
"name": "USN-3687-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3687-1/"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208852",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208852"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4362", "ID": "CVE-2018-4362",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4766", "ID": "CVE-2018-4766",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }