admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:16:36 +00:00
parent 4837782737
commit 789176626c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3394 additions and 3394 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2004/0xxx/CVE-2004-0342.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0342", "ID": "CVE-2004-0342",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040228 Multiple WFTPD Denial of Service vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107801142924976&w=2" "lang": "eng",
}, "value": "WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error."
{ }
"name" : "9767", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4116", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11001", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11001" ]
}, },
{ "references": {
"name" : "wftpd-ftp-command-dos(15342)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15342" "name": "20040228 Multiple WFTPD Denial of Service vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=107801142924976&w=2"
} },
} {
"name": "4116",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4116"
},
{
"name": "11001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11001"
},
{
"name": "wftpd-ftp-command-dos(15342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15342"
},
{
"name": "9767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9767"
}
]
}
}

230
2004/0xxx/CVE-2004-0757.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0757", "ID": "CVE-2004-0757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" "lang": "eng",
}, "value": "Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code."
{ }
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=229374", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=229374" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA:2089", "description": [
"refsource" : "FEDORA", {
"url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2004:421", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html" ]
}, },
{ "references": {
"name" : "SCOSA-2005.49", "reference_data": [
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" "name": "oval:org.mitre.oval:def:11042",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042"
"name" : "SUSE-SA:2004:036", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" "name": "10856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/10856"
"name" : "VU#561022", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/561022" "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=229374"
"name" : "15495", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15495" "name": "SCOSA-2005.49",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
"name" : "oval:org.mitre.oval:def:3250", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250" "name": "SUSE-SA:2004:036",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
"name" : "oval:org.mitre.oval:def:11042", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11042" "name": "RHSA-2004:421",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
"name" : "10856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10856" "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7"
"name" : "mozilla-senduidl-pop3-bo(16869)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869" "name": "FLSA:2089",
} "refsource": "FEDORA",
] "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"
} },
} {
"name": "mozilla-senduidl-pop3-bo(16869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16869"
},
{
"name": "15495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15495"
},
{
"name": "oval:org.mitre.oval:def:3250",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3250"
},
{
"name": "VU#561022",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/561022"
}
]
}
}

200
2004/0xxx/CVE-2004-0780.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0780", "ID": "CVE-2004-0780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060110 Sun Solaris uustat Buffer Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=366" "lang": "eng",
}, "value": "Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101933", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16193", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/16193" ]
}, },
{ "references": {
"name" : "ADV-2006-0113", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0113" "name": "16193",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/16193"
"name" : "1015455", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015455" "name": "20060110 Sun Solaris uustat Buffer Overflow Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=366"
"name" : "18371", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18371" "name": "ADV-2006-0113",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0113"
"name" : "19087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19087" "name": "1015455",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015455"
"name" : "solaris-uustat-bo(24045)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24045" "name": "solaris-uustat-bo(24045)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24045"
} },
} {
"name": "101933",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm"
},
{
"name": "18371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18371"
},
{
"name": "19087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19087"
}
]
}
}

180
2004/1xxx/CVE-2004-1474.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1474", "ID": "CVE-2004-1474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109588376426070&w=2" "lang": "eng",
}, "value": "Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the firewall's configuration file."
{ }
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html", ]
"refsource" : "CONFIRM", },
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#173910", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/173910" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11237", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11237" ]
}, },
{ "references": {
"name" : "10206", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/10206" "name": "12635",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12635"
"name" : "12635", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12635" "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html",
}, "refsource": "CONFIRM",
{ "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
"name" : "symantec-default-snmp(17471)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471" "name": "VU#173910",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/173910"
} },
} {
"name": "20040922 Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109588376426070&w=2"
},
{
"name": "10206",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10206"
},
{
"name": "symantec-default-snmp(17471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17471"
},
{
"name": "11237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11237"
}
]
}
}

180
2004/1xxx/CVE-2004-1612.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1612", "ID": "CVE-2004-1612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041018 Multiple vulnerabilities in Sage Saleslogix", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109811852218478&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request."
{ }
"name" : "20041018 Multiple vulnerabilities in Sage Saleslogix", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11450", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10949", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/10949" ]
}, },
{ "references": {
"name" : "1011769", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1011769" "name": "12883",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12883"
"name" : "12883", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12883" "name": "10949",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/10949"
"name" : "saleslogix-processqueuefile-file-upload(17765)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17765" "name": "20041018 Multiple vulnerabilities in Sage Saleslogix",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=109811852218478&w=2"
} },
} {
"name": "1011769",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011769"
},
{
"name": "11450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11450"
},
{
"name": "20041018 Multiple vulnerabilities in Sage Saleslogix",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html"
},
{
"name": "saleslogix-processqueuefile-file-upload(17765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17765"
}
]
}
}

160
2004/1xxx/CVE-2004-1894.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1894", "ID": "CVE-2004-1894",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040404 Texutil symlink vulnerability.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108118755923319&w=2" "lang": "eng",
}, "value": "TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log."
{ }
"name" : "20040404 Texutil symlink vulnerability.", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019777.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10042", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10042" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009661", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1009661" ]
}, },
{ "references": {
"name" : "texutil-symlink-attack(15728)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15728" "name": "1009661",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1009661"
} },
} {
"name": "20040404 Texutil symlink vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108118755923319&w=2"
},
{
"name": "texutil-symlink-attack(15728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15728"
},
{
"name": "10042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10042"
},
{
"name": "20040404 Texutil symlink vulnerability.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/019777.html"
}
]
}
}

660
2008/2xxx/CVE-2008-2802.json
View File

@ -1,332 +1,332 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-2802", "ID": "CVE-2008-2802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's \"privilege level.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080708 rPSA-2008-0216-1 firefox", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's \"privilege level.\""
{ }
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-24.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-24.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419846", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419846" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-2646", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2646" "name": "SUSE-SA:2008:034",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" "name": "RHSA-2008:0549",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
"name" : "DSA-1607", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1607" "name": "DSA-1697",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1697"
"name" : "DSA-1615", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1615" "name": "31021",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31021"
"name" : "DSA-1621", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1621" "name": "30898",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30898"
"name" : "DSA-1697", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1697" "name": "31403",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31403"
"name" : "FEDORA-2008-6127", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
"name" : "FEDORA-2008-6193", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" "name": "https://issues.rpath.com/browse/RPL-2646",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2646"
"name" : "FEDORA-2008-6196", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" "name": "30949",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30949"
"name" : "FEDORA-2008-6706", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" "name": "SSA:2008-191-03",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
"name" : "FEDORA-2008-6737", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" "name": "ADV-2009-0977",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0977"
"name" : "GLSA-200808-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" "name": "31069",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31069"
"name" : "MDVSA-2008:136", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" "name": "31008",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31008"
"name" : "MDVSA-2008:155", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" "name": "31377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31377"
"name" : "RHSA-2008:0547", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" "name": "RHSA-2008:0616",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
"name" : "RHSA-2008:0549", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" "name": "ADV-2008-1993",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1993/references"
"name" : "RHSA-2008:0569", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" "name": "31023",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31023"
"name" : "RHSA-2008:0616", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" "name": "MDVSA-2008:155",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
"name" : "SSA:2008-191-03", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" "name": "30038",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30038"
"name" : "SSA:2008-210-05", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" "name": "30915",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30915"
"name" : "SSA:2008-191", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" "name": "DSA-1607",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1607"
"name" : "256408", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" "name": "GLSA-200808-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
"name" : "SUSE-SA:2008:034", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" "name": "31005",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31005"
"name" : "USN-619-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-619-1" "name": "33433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33433"
"name" : "USN-629-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-629-1" "name": "FEDORA-2008-6127",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
"name" : "30038", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30038" "name": "1020419",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020419"
"name" : "oval:org.mitre.oval:def:11121", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11121" "name": "31253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31253"
"name" : "34501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34501" "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
"name" : "31076", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31076" "name": "FEDORA-2008-6737",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
"name" : "ADV-2008-1993", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1993/references" "name": "31183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31183"
"name" : "1020419", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020419" "name": "30903",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30903"
"name" : "30911", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30911" "name": "RHSA-2008:0547",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
"name" : "30915", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30915" "name": "FEDORA-2008-6193",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
"name" : "30878", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30878" "name": "USN-629-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-629-1"
"name" : "30898", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30898" "name": "oval:org.mitre.oval:def:11121",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11121"
"name" : "30903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30903" "name": "256408",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
"name" : "30949", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30949" "name": "SSA:2008-191",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
"name" : "31005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31005" "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-24.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-24.html"
"name" : "31008", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31008" "name": "SSA:2008-210-05",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"
"name" : "31069", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31069" "name": "DSA-1615",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1615"
"name" : "31023", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31023" "name": "FEDORA-2008-6706",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
"name" : "31183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31183" "name": "31220",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31220"
"name" : "31195", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31195" "name": "31195",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31195"
"name" : "31220", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31220" "name": "31076",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31076"
"name" : "31253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31253" "name": "USN-619-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-619-1"
"name" : "31377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31377" "name": "30911",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30911"
"name" : "31286", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31286" "name": "RHSA-2008:0569",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
"name" : "31403", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31403" "name": "30878",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30878"
"name" : "31021", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31021" "name": "DSA-1621",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1621"
"name" : "33433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33433" "name": "20080708 rPSA-2008-0216-1 firefox",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
"name" : "ADV-2009-0977", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0977" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=419846",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=419846"
} },
} {
"name": "31286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31286"
},
{
"name": "FEDORA-2008-6196",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "MDVSA-2008:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
}
]
}
}

140
2008/2xxx/CVE-2008-2966.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2966", "ID": "CVE-2008-2966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5877", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5877" "lang": "eng",
}, "value": "Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the user parameter. party information."
{ }
"name" : "29853", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29853" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "jaxultrabb-viewprofile-file-include(43278)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43278" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5877",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5877"
},
{
"name": "jaxultrabb-viewprofile-file-include(43278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43278"
},
{
"name": "29853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29853"
}
]
}
}

160
2008/3xxx/CVE-2008-3345.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3345", "ID": "CVE-2008-3345",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080719 Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=121665294304071&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action."
{ }
"name" : "30328", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30328" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31192", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31192" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4049", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4049" ]
}, },
{ "references": {
"name" : "easyecards-sid-sql-injection(43924)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43924" "name": "30328",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30328"
} },
} {
"name": "31192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31192"
},
{
"name": "easyecards-sid-sql-injection(43924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43924"
},
{
"name": "4049",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4049"
},
{
"name": "20080719 Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121665294304071&w=2"
}
]
}
}

250
2008/3xxx/CVE-2008-3464.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-3464", "ID": "CVE-2008-3464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka \"AFD Kernel Overwrite Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081015 Exploit for MS08-066 - AFD.sys kernel memory overwrite.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/497375/100/0/threaded" "lang": "eng",
}, "value": "afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka \"AFD Kernel Overwrite Vulnerability.\""
{ }
"name" : "6757", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6757" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx", "description": [
"refsource" : "MISC", {
"url" : "http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBST02379", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" ]
}, },
{ "references": {
"name" : "SSRT080143", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "name": "6757",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6757"
"name" : "MS08-066", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066" "name": "win-afd-privilege-escalation(45578)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45578"
"name" : "TA08-288A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" "name": "ADV-2008-2817",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2817"
"name" : "31673", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31673" "name": "20081015 Exploit for MS08-066 - AFD.sys kernel memory overwrite.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/497375/100/0/threaded"
"name" : "oval:org.mitre.oval:def:5825", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825" "name": "SSRT080143",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
"name" : "ADV-2008-2817", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2817" "name": "31673",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31673"
"name" : "1021053", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021053" "name": "http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx",
}, "refsource": "MISC",
{ "url": "http://blogs.technet.com/swi/archive/2008/10/14/ms08-066-how-to-correctly-validate-and-capture-user-mode-data.aspx"
"name" : "32261", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32261" "name": "1021053",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021053"
"name" : "win-afd-privilege-escalation(45578)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45578" "name": "oval:org.mitre.oval:def:5825",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5825"
"name" : "win-ms08kb956803-update(45582)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45582" "name": "HPSBST02379",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
} },
} {
"name": "win-ms08kb956803-update(45582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45582"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "MS08-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-066"
},
{
"name": "32261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32261"
}
]
}
}

150
2008/3xxx/CVE-2008-3787.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3787", "ID": "CVE-2008-3787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6298", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6298" "lang": "eng",
}, "value": "SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter."
{ }
"name" : "30807", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30807" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4187", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4187" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webdirectory-listingview-sql-injection(44638)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44638" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30807"
},
{
"name": "4187",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4187"
},
{
"name": "webdirectory-listingview-sql-injection(44638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44638"
},
{
"name": "6298",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6298"
}
]
}
}

200
2008/3xxx/CVE-2008-3845.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3845", "ID": "CVE-2008-3845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080825 Crafty Syntax Live Help <= 2.14.6 SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495729/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php."
{ }
"name" : "6307", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/6307" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.gulftech.org/?node=research&article_id=00127-08252008", "description": [
"refsource" : "MISC", {
"url" : "http://www.gulftech.org/?node=research&article_id=00127-08252008" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://security.craftysyntax.com/updates/?v=2.14.6", ]
"refsource" : "CONFIRM", }
"url" : "http://security.craftysyntax.com/updates/?v=2.14.6" ]
}, },
{ "references": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=620878", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=620878" "name": "6307",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6307"
"name" : "30825", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30825" "name": "http://security.craftysyntax.com/updates/?v=2.14.6",
}, "refsource": "CONFIRM",
{ "url": "http://security.craftysyntax.com/updates/?v=2.14.6"
"name" : "31573", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31573" "name": "http://sourceforge.net/project/shownotes.php?release_id=620878",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=620878"
"name" : "4192", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4192" "name": "http://www.gulftech.org/?node=research&article_id=00127-08252008",
}, "refsource": "MISC",
{ "url": "http://www.gulftech.org/?node=research&article_id=00127-08252008"
"name" : "crafty-syntax-isxmlhttp-sql-injection(44669)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44669" "name": "20080825 Crafty Syntax Live Help <= 2.14.6 SQL Injection",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/495729/100/0/threaded"
} },
} {
"name": "31573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31573"
},
{
"name": "crafty-syntax-isxmlhttp-sql-injection(44669)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44669"
},
{
"name": "30825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30825"
},
{
"name": "4192",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4192"
}
]
}
}

350
2008/4xxx/CVE-2008-4096.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4096", "ID": "CVE-2008-4096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080915 Re: phpMyAdmin code execution (CVE request)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/09/16/2" "lang": "eng",
}, "value": "libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function."
{ }
"name" : "[oss-security] 20080915 phpMyAdmin code execution (CVE request)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/09/15/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[phpmyadmin-news] 20080915 phpMyAdmin 2.11.9.1 is released", "description": [
"refsource" : "MLIST", {
"url" : "http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://fd.the-wildcat.de/pma_e36a091q11.php", ]
"refsource" : "MISC", }
"url" : "http://fd.the-wildcat.de/pma_e36a091q11.php" ]
}, },
{ "references": {
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7" "name": "MDVSA-2008:202",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=462430", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=462430" "name": "31884",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31884"
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/", },
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/" "name": "31918",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31918"
"name" : "DSA-1641", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1641" "name": "SUSE-SR:2009:003",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
"name" : "FEDORA-2008-8269", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html" "name": "FEDORA-2008-8370",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.html"
"name" : "FEDORA-2008-8286", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html" "name": "ADV-2008-2585",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2585"
"name" : "FEDORA-2008-8335", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.html" "name": "FEDORA-2008-8269",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01137.html"
"name" : "FEDORA-2008-8370", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01290.html" "name": "48196",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/48196"
"name" : "GLSA-200903-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200903-32.xml" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=462430",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=462430"
"name" : "MDVSA-2008:202", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:202" "name": "[oss-security] 20080915 phpMyAdmin code execution (CVE request)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/09/15/2"
"name" : "SUSE-SR:2009:003", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/",
}, "refsource": "CONFIRM",
{ "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080916-1/"
"name" : "31188", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31188" "name": "GLSA-200903-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200903-32.xml"
"name" : "48196", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/48196" "name": "FEDORA-2008-8335",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01228.html"
"name" : "31918", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31918" "name": "FEDORA-2008-8286",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01155.html"
"name" : "ADV-2008-2585", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2585" "name": "phpmyadmin-serverdatabases-code-execution(45157)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45157"
"name" : "31884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31884" "name": "DSA-1641",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1641"
"name" : "32034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32034" "name": "33822",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33822"
"name" : "33822", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33822" "name": "31188",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31188"
"name" : "ADV-2008-2619", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2619" "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7",
}, "refsource": "CONFIRM",
{ "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7"
"name" : "phpmyadmin-serverdatabases-code-execution(45157)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45157" "name": "32034",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32034"
} },
} {
"name": "[phpmyadmin-news] 20080915 phpMyAdmin 2.11.9.1 is released",
"refsource": "MLIST",
"url": "http://www.nabble.com/phpMyAdmin-2.11.9.1-is-released-td19497113.html"
},
{
"name": "http://fd.the-wildcat.de/pma_e36a091q11.php",
"refsource": "MISC",
"url": "http://fd.the-wildcat.de/pma_e36a091q11.php"
},
{
"name": "[oss-security] 20080915 Re: phpMyAdmin code execution (CVE request)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/16/2"
},
{
"name": "ADV-2008-2619",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2619"
}
]
}
}

140
2008/6xxx/CVE-2008-6008.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6008", "ID": "CVE-2008-6008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080927 hyBook Remote Password Disclouse Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496790/100/0/threaded" "lang": "eng",
}, "value": "hyBook Guestbook Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for hyBook.mdb."
{ }
"name" : "32079", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/32079" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "hybook-guestbook-hybook-info-disclosure(45513)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45513" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "32079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32079"
},
{
"name": "hybook-guestbook-hybook-info-disclosure(45513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45513"
},
{
"name": "20080927 hyBook Remote Password Disclouse Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496790/100/0/threaded"
}
]
}
}

140
2008/6xxx/CVE-2008-6411.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6411", "ID": "CVE-2008-6411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6500", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6500" "lang": "eng",
}, "value": "Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1."
{ }
"name" : "31270", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31270" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "explaycms-cookie-authentication-bypass(45300)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45300" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "31270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31270"
},
{
"name": "6500",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6500"
},
{
"name": "explaycms-cookie-authentication-bypass(45300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45300"
}
]
}
}

170
2008/6xxx/CVE-2008-6592.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6592", "ID": "CVE-2008-6592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy \"no database\" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491064/100/0/threaded" "lang": "eng",
}, "value": "thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy \"no database\" (aka flat) and SQLite 1.2.2 and earlier, allows remote attackers to copy, rename, and read arbitrary files via directory traversal sequences in the image parameter with a modified cache_dir parameter containing a %00 (encoded null byte)."
{ }
"name" : "5452", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5452" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28801", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28801" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "44674", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/44674" ]
}, },
{ "references": {
"name" : "29833", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29833" "name": "28801",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28801"
"name" : "lightneasy-thumbsup-file-manipulation(49851)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49851" "name": "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/491064/100/0/threaded"
} },
} {
"name": "44674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44674"
},
{
"name": "29833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29833"
},
{
"name": "5452",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5452"
},
{
"name": "lightneasy-thumbsup-file-manipulation(49851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49851"
}
]
}
}

220
2008/7xxx/CVE-2008-7235.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7235", "ID": "CVE-2008-7235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=120058413923005&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-017A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-017A.html" ]
}, },
{ "references": {
"name" : "27229", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27229" "name": "1019218",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019218"
"name" : "40296", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/40296" "name": "27229",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27229"
"name" : "1019218", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019218" "name": "TA08-017A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"
"name" : "28518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28518" "name": "ADV-2008-0150",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0150"
"name" : "28556", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28556" "name": "ADV-2008-0180",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0180"
"name" : "ADV-2008-0150", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0150" "name": "40296",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/40296"
"name" : "ADV-2008-0180", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0180" "name": "SSRT061201",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"
},
{
"name": "28556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28556"
},
{
"name": "28518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28518"
}
]
}
}

180
2013/2xxx/CVE-2013-2434.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2434", "ID": "CVE-2013-2434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
{ }
"name" : "HPSBUX02889", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT101252", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0757", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" ]
}, },
{ "references": {
"name" : "TA13-107A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "name": "oval:org.mitre.oval:def:19462",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19462"
"name" : "oval:org.mitre.oval:def:16201", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16201" "name": "oval:org.mitre.oval:def:16201",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16201"
"name" : "oval:org.mitre.oval:def:19462", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19462" "name": "TA13-107A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
} },
} {
"name": "SSRT101252",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}
]
}
}

130
2013/2xxx/CVE-2013-2643.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2643", "ID": "CVE-2013-2643",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component."
{ }
"name" : "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130403-0_Sophos_Web_Protection_Appliance_Multiple_Vulnerabilities.txt"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/118969.aspx"
}
]
}
}

122
2017/11xxx/CVE-2017-11044.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00", "DATE_PUBLIC": "2017-12-04T00:00:00",
"ID" : "CVE-2017-11044", "ID": "CVE-2017-11044",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Graphics"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" "lang": "eng",
} "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a KGSL driver function, a race condition exists which can lead to a Use After Free condition."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}

160
2017/11xxx/CVE-2017-11227.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11227", "ID": "CVE-2017-11227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat Reader", "product_name": "Acrobat Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2017.009.20058 and earlier" "version_value": "2017.009.20058 and earlier"
}, },
{ {
"version_value" : "2017.008.30051 and earlier" "version_value": "2017.008.30051 and earlier"
}, },
{ {
"version_value" : "2015.006.30306 and earlier" "version_value": "2015.006.30306 and earlier"
}, },
{ {
"version_value" : "11.0.20 and earlier" "version_value": "11.0.20 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100179", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100179" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039098", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039098" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"name": "100179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100179"
}
]
}
}

34
2017/11xxx/CVE-2017-11740.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11740", "ID": "CVE-2017-11740",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2017/11xxx/CVE-2017-11907.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-11907", "ID": "CVE-2017-11907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer", "product_name": "Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43370", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43370/" "lang": "eng",
}, "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102045", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102045" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1039991", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039991" ]
} },
] "references": {
} "reference_data": [
} {
"name": "102045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102045"
},
{
"name": "1039991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039991"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11907"
},
{
"name": "43370",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43370/"
}
]
}
}

34
2017/11xxx/CVE-2017-11979.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11979", "ID": "CVE-2017-11979",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14113.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-14113", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-14113",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13067. Reason: This candidate is a reservation duplicate of CVE-2017-13067. Notes: All CVE users should reference CVE-2017-13067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13067. Reason: This candidate is a reservation duplicate of CVE-2017-13067. Notes: All CVE users should reference CVE-2017-13067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14367.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14367", "ID": "CVE-2017-14367",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14786.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-14786", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-14786",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2017/14xxx/CVE-2017-14831.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14831", "ID": "CVE-2017-14831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.1.21155" "version_value": "8.3.1.21155"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-875", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-875" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the author attribute of Circle Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5023."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-875",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-875"
}
]
}
}

130
2017/14xxx/CVE-2017-14970.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14970", "ID": "CVE-2017-14970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html" "lang": "eng",
}, "value": "In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating \"it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table.\""
{ }
"name" : "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html", ]
"refsource" : "CONFIRM", },
"url" : "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html"
},
{
"name": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html",
"refsource": "CONFIRM",
"url": "https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html"
}
]
}
}

120
2017/15xxx/CVE-2017-15018.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15018", "ID": "CVE-2017-15018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceforge.net/p/lame/bugs/480/", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceforge.net/p/lame/bugs/480/" "lang": "eng",
} "value": "LAME 3.99.5 has a heap-based buffer over-read when handling a malformed file in k_34_4 in vbrquantize.c."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/lame/bugs/480/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/lame/bugs/480/"
}
]
}
}

140
2017/15xxx/CVE-2017-15298.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15298", "ID": "CVE-2017-15298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Katee/git-bomb", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Katee/git-bomb" "lang": "eng",
}, "value": "Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk."
{ }
"name" : "https://kate.io/blog/git-bomb/", ]
"refsource" : "MISC", },
"url" : "https://kate.io/blog/git-bomb/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3829-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3829-1/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Katee/git-bomb",
"refsource": "MISC",
"url": "https://github.com/Katee/git-bomb"
},
{
"name": "https://kate.io/blog/git-bomb/",
"refsource": "MISC",
"url": "https://kate.io/blog/git-bomb/"
},
{
"name": "USN-3829-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3829-1/"
}
]
}
}

130
2017/15xxx/CVE-2017-15970.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15970", "ID": "CVE-2017-15970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43089", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43089/" "lang": "eng",
}, "value": "PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter."
{ }
"name" : "https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html"
},
{
"name": "43089",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43089/"
}
]
}
}

150
2017/8xxx/CVE-2017-8310.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"ID" : "CVE-2017-8310", "ID": "CVE-2017-8310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VLC", "product_name": "VLC",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.2.*" "version_value": "2.2.*"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "VideoLAN" "vendor_name": "VideoLAN"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29" "lang": "eng",
}, "value": "Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond allocated memory and potentially crash the process (causing a denial of service) via a crafted subtitles file."
{ }
"name" : "DSA-3899", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3899" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201707-10", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201707-10" "lang": "eng",
}, "value": "Allows attacker to read data beyond allocated memory and potentially crash the process (causing a denial of service)"
{ }
"name" : "98638", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/98638" ]
} },
] "references": {
} "reference_data": [
} {
"name": "GLSA-201707-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-10"
},
{
"name": "98638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98638"
},
{
"name": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc/vlc-2.2.git;a=blobdiff;f=modules/codec/subsdec.c;h=addd8c71f30d53558fffd19059b374be45cf0f8e;hp=1b4276e299a2a6668047231d29ac705ae93076ba;hb=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328;hpb=3477dba3d506de8d95bccef2c6b67861188f6c29"
},
{
"name": "DSA-3899",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3899"
}
]
}
}

142
2017/8xxx/CVE-2017-8589.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8589", "ID": "CVE-2017-8589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.", "product_name": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows" "version_value": "Microsoft Windows"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka \"Windows Search Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589" "lang": "eng",
}, "value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka \"Windows Search Remote Code Execution Vulnerability\"."
{ }
"name" : "99425", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99425" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038866", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038866" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038866"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8589"
},
{
"name": "99425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99425"
}
]
}
}

130
2017/8xxx/CVE-2017-8843.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8843", "ID": "CVE-2017-8843",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/" "lang": "eng",
}, "value": "The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive."
{ }
"name" : "https://github.com/ckolivas/lrzip/issues/69", ]
"refsource" : "MISC", },
"url" : "https://github.com/ckolivas/lrzip/issues/69" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ckolivas/lrzip/issues/69",
"refsource": "MISC",
"url": "https://github.com/ckolivas/lrzip/issues/69"
},
{
"name": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/"
}
]
}
}

180
2017/9xxx/CVE-2017-9061.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9061", "ID": "CVE-2017-9061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wpvulndb.com/vulnerabilities/8819", "description_data": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/8819" "lang": "eng",
}, "value": "In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename."
{ }
"name" : "https://codex.wordpress.org/Version_4.7.5", ]
"refsource" : "CONFIRM", },
"url" : "https://codex.wordpress.org/Version_4.7.5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/news/2017/05/wordpress-4-7-5/", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/news/2017/05/wordpress-4-7-5/" ]
}, },
{ "references": {
"name" : "DSA-3870", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3870" "name": "1038520",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038520"
"name" : "98509", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98509" "name": "https://wordpress.org/news/2017/05/wordpress-4-7-5/",
}, "refsource": "CONFIRM",
{ "url": "https://wordpress.org/news/2017/05/wordpress-4-7-5/"
"name" : "1038520", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038520" "name": "DSA-3870",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3870"
} },
} {
"name": "https://wpvulndb.com/vulnerabilities/8819",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8819"
},
{
"name": "98509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98509"
},
{
"name": "https://codex.wordpress.org/Version_4.7.5",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.7.5"
},
{
"name": "https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000844.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.481816", "DATE_ASSIGNED": "2018-11-27T13:54:33.481816",
"DATE_REQUESTED" : "2018-11-05T16:23:59", "DATE_REQUESTED": "2018-11-05T16:23:59",
"ID" : "CVE-2018-1000844", "ID": "CVE-2018-1000844",
"REQUESTER" : "zacharymillerconsulting@gmail.com", "REQUESTER": "zacharymillerconsulting@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Retrofit", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Square Open Source " "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/square/retrofit/pull/2735", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/square/retrofit/pull/2735" "lang": "eng",
} "value": "Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML External Entity (XXE) vulnerability in JAXB that can result in An attacker could use this to remotely read files from the file system or to perform SSRF.. This vulnerability appears to have been fixed in After commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/square/retrofit/pull/2735",
"refsource": "MISC",
"url": "https://github.com/square/retrofit/pull/2735"
}
]
}
}

120
2018/12xxx/CVE-2018-12263.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12263", "ID": "CVE-2018-12263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/oyeahtime/test/issues/3", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/oyeahtime/test/issues/3" "lang": "eng",
} "value": "portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/oyeahtime/test/issues/3",
"refsource": "MISC",
"url": "https://github.com/oyeahtime/test/issues/3"
}
]
}
}

34
2018/12xxx/CVE-2018-12677.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12677", "ID": "CVE-2018-12677",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12967.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12967", "ID": "CVE-2018-12967",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/13xxx/CVE-2018-13312.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13312", "ID": "CVE-2018-13312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the \"Input your notice URL\" field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154" "lang": "eng",
} "value": "Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the \"Input your notice URL\" field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/new-vulnerabilities-in-totolink-a3002ru-d6f42a081154"
}
]
}
}

34
2018/13xxx/CVE-2018-13382.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13382", "ID": "CVE-2018-13382",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/13xxx/CVE-2018-13977.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13977", "ID": "CVE-2018-13977",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16108.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-16108", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-16108",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16156.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16156", "ID": "CVE-2018-16156",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/16xxx/CVE-2018-16729.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16729", "ID": "CVE-2018-16729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/pluck-cms/pluck/issues/63", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/pluck-cms/pluck/issues/63" "lang": "eng",
} "value": "Pluck 4.7.7 allows XSS via an SVG file that contains Javascript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluck-cms/pluck/issues/63",
"refsource": "MISC",
"url": "https://github.com/pluck-cms/pluck/issues/63"
}
]
}
}

34
2018/16xxx/CVE-2018-16902.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16902", "ID": "CVE-2018-16902",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/4xxx/CVE-2018-4111.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4111", "ID": "CVE-2018-4111",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Mail\" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208692", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208692" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"Mail\" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature."
{ }
"name" : "103582", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103582" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040608", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040608" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name": "103582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103582"
},
{
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}
}

34
2018/4xxx/CVE-2018-4619.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4619", "ID": "CVE-2018-4619",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4759.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4759", "ID": "CVE-2018-4759",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }