admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:14:57 +00:00
parent e644a41ec5
commit 809bfb3322
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4163 additions and 4163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

320
2004/0xxx/CVE-2004-0234.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0234", "ID": "CVE-2004-0234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040501 LHa buffer overflows and directory traversal problems", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive."
{ }
"name" : "20040502 Lha local stack overflow Proof Of Concept Code", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040510 [Ulf Harnhammar]: LHA Advisory + Patch", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108422737918885&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20060403 Barracuda LHA archiver security bug leads to remote compromise", ]
"refsource" : "BUGTRAQ", }
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html" ]
}, },
{ "references": {
"name" : "http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt" "name": "1015866",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015866"
"name" : "CLA-2004:840", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840" "name": "CLA-2004:840",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840"
"name" : "DSA-515", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-515" "name": "5753",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/5753"
"name" : "FLSA:1833", },
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1833" "name": "oval:org.mitre.oval:def:977",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977"
"name" : "RHSA-2004:178", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-178.html" "name": "FEDORA-2004-119",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html"
"name" : "RHSA-2004:179", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-179.html" "name": "20060403 Barracuda LHA archiver security bug leads to remote compromise",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html"
"name" : "GLSA-200405-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200405-02.xml" "name": "10243",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10243"
"name" : "FEDORA-2004-119", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html" "name": "ADV-2006-1220",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1220"
"name" : "10243", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10243" "name": "20040501 LHa buffer overflows and directory traversal problems",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html"
"name" : "oval:org.mitre.oval:def:9881", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881" "name": "19514",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19514"
"name" : "ADV-2006-1220", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1220" "name": "5754",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/5754"
"name" : "5753", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5753" "name": "RHSA-2004:179",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-179.html"
"name" : "5754", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5754" "name": "http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt",
}, "refsource": "MISC",
{ "url": "http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt"
"name" : "oval:org.mitre.oval:def:977", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977" "name": "FLSA:1833",
}, "refsource": "FEDORA",
{ "url": "https://bugzilla.fedora.us/show_bug.cgi?id=1833"
"name" : "1015866", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015866" "name": "DSA-515",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-515"
"name" : "19514", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19514" "name": "oval:org.mitre.oval:def:9881",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881"
"name" : "lha-multiple-bo(16012)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16012" "name": "20040510 [Ulf Harnhammar]: LHA Advisory + Patch",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=108422737918885&w=2"
} },
} {
"name": "GLSA-200405-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-02.xml"
},
{
"name": "RHSA-2004:178",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-178.html"
},
{
"name": "lha-multiple-bo(16012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16012"
},
{
"name": "20040502 Lha local stack overflow Proof Of Concept Code",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html"
}
]
}
}

150
2004/0xxx/CVE-2004-0246.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0246", "ID": "CVE-2004-0246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040203 Les Commentaires (PHP) Include file", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107584083719763&w=2" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter."
{ }
"name" : "9536", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9536" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10768", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10768/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "lescommentaires-multiple-file-include(15010)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15010" ]
} },
] "references": {
} "reference_data": [
} {
"name": "10768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10768/"
},
{
"name": "lescommentaires-multiple-file-include(15010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15010"
},
{
"name": "9536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9536"
},
{
"name": "20040203 Les Commentaires (PHP) Include file",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107584083719763&w=2"
}
]
}
}

200
2004/0xxx/CVE-2004-0699.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0699", "ID": "CVE-2004-0699",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040728 Check Point VPN-1 ASN.1 Decoding Remote Compromise", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/xforce/alerts/id/178" "lang": "eng",
}, "value": "Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data."
{ }
"name" : "http://www.checkpoint.com/techsupport/alerts/asn1.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.checkpoint.com/techsupport/alerts/asn1.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#435358", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/435358" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "O-190", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/o-190.shtml" ]
}, },
{ "references": {
"name" : "10820", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10820" "name": "http://www.checkpoint.com/techsupport/alerts/asn1.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.checkpoint.com/techsupport/alerts/asn1.html"
"name" : "8290", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=8290" "name": "1010799",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/alerts/2004/Jul/1010799.html"
"name" : "1010799", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2004/Jul/1010799.html" "name": "VU#435358",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/435358"
"name" : "12177", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12177/" "name": "8290",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=8290"
"name" : "vpn1-asn1-decoding-bo(16824)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16824" "name": "10820",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10820"
} },
} {
"name": "12177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12177/"
},
{
"name": "20040728 Check Point VPN-1 ASN.1 Decoding Remote Compromise",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/178"
},
{
"name": "O-190",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-190.shtml"
},
{
"name": "vpn1-asn1-decoding-bo(16824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16824"
}
]
}
}

180
2004/0xxx/CVE-2004-0983.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0983", "ID": "CVE-2004-0983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-586", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-586" "lang": "eng",
}, "value": "The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request."
{ }
"name" : "MDKSA-2004:128", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2004:635", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-635.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-20-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/20-1/" ]
}, },
{ "references": {
"name" : "11618", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11618" "name": "RHSA-2004:635",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-635.html"
"name" : "oval:org.mitre.oval:def:10268", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268" "name": "MDKSA-2004:128",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:128"
"name" : "ruby-cgi-dos(17985)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985" "name": "11618",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11618"
} },
} {
"name": "oval:org.mitre.oval:def:10268",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268"
},
{
"name": "USN-20-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/20-1/"
},
{
"name": "DSA-586",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-586"
},
{
"name": "ruby-cgi-dos(17985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17985"
}
]
}
}

34
2004/1xxx/CVE-2004-1041.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1041", "ID": "CVE-2004-1041",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2004/1xxx/CVE-2004-1065.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1065", "ID": "CVE-2004-1065",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.php.net/release_4_3_10.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php.net/release_4_3_10.php" "lang": "eng",
}, "value": "Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file."
{ }
"name" : "OpenPKG-SA-2004.053", ]
"refsource" : "OPENPKG", },
"url" : "http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA:2344", "description": [
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2344" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA01212", ]
"refsource" : "HP", }
"url" : "http://www.securityfocus.com/advisories/9028" ]
}, },
{ "references": {
"name" : "MDKSA-2004:151", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151" "name": "RHSA-2005:032",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-032.html"
"name" : "RHSA-2004:687", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-687.html" "name": "SUSE-SA:2005:002",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html"
"name" : "RHSA-2005:032", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-032.html" "name": "http://www.php.net/release_4_3_10.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/release_4_3_10.php"
"name" : "SUSE-SA:2005:002", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_02_php4_mod_php4.html" "name": "oval:org.mitre.oval:def:10877",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877"
"name" : "oval:org.mitre.oval:def:10877", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10877" "name": "MDKSA-2004:151",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:151"
"name" : "php-exifreaddata-bo(18517)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18517" "name": "FLSA:2344",
} "refsource": "FEDORA",
] "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2344"
} },
} {
"name": "php-exifreaddata-bo(18517)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18517"
},
{
"name": "OpenPKG-SA-2004.053",
"refsource": "OPENPKG",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html"
},
{
"name": "HPSBMA01212",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/9028"
},
{
"name": "RHSA-2004:687",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-687.html"
}
]
}
}

130
2004/1xxx/CVE-2004-1502.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1502", "ID": "CVE-2004-1502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041106 Resources consumption in 602 Lan Suite 2004.0.04.0909", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109976745017459&w=2" "lang": "eng",
}, "value": "The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop."
{ }
"name" : "602pro-telnet-loopback-dos(17979)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17979" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "602pro-telnet-loopback-dos(17979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17979"
},
{
"name": "20041106 Resources consumption in 602 Lan Suite 2004.0.04.0909",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109976745017459&w=2"
}
]
}
}

170
2004/1xxx/CVE-2004-1983.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1983", "ID": "CVE-2004-1983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040502 PaX Linux Kernel 2.6 Patches DoS Advisory", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108360001130312&w=2" "lang": "eng",
}, "value": "The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors."
{ }
"name" : "20040509 PaX DoS proof-of-concept", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=108420555920369&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200407-02", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://pax.grsecurity.net/", ]
"refsource" : "CONFIRM", }
"url" : "http://pax.grsecurity.net/" ]
}, },
{ "references": {
"name" : "10264", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10264" "name": "20040509 PaX DoS proof-of-concept",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108420555920369&w=2"
"name" : "pax-aslr-enabled-dos(16037)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16037" "name": "pax-aslr-enabled-dos(16037)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16037"
} },
} {
"name": "http://pax.grsecurity.net/",
"refsource": "CONFIRM",
"url": "http://pax.grsecurity.net/"
},
{
"name": "20040502 PaX Linux Kernel 2.6 Patches DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108360001130312&w=2"
},
{
"name": "GLSA-200407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
},
{
"name": "10264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10264"
}
]
}
}

140
2008/2xxx/CVE-2008-2216.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2216", "ID": "CVE-2008-2216",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5523", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5523" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads."
{ }
"name" : "28991", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28991" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pbcs-yopyupload-file-upload(42105)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42105" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5523",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5523"
},
{
"name": "pbcs-yopyupload-file-upload(42105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42105"
},
{
"name": "28991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28991"
}
]
}
}

160
2008/2xxx/CVE-2008-2223.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2223", "ID": "CVE-2008-2223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5565", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5565" "lang": "eng",
}, "value": "SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter."
{ }
"name" : "http://forums.buyscripts.in/viewtopic.php?f=7&t=3389", ]
"refsource" : "CONFIRM", },
"url" : "http://forums.buyscripts.in/viewtopic.php?f=7&t=3389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29114", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29114" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30144", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30144" ]
}, },
{ "references": {
"name" : "youtubeclone-groupposts-sql-injection(42285)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42285" "name": "30144",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30144"
} },
} {
"name": "5565",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5565"
},
{
"name": "youtubeclone-groupposts-sql-injection(42285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42285"
},
{
"name": "29114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29114"
},
{
"name": "http://forums.buyscripts.in/viewtopic.php?f=7&t=3389",
"refsource": "CONFIRM",
"url": "http://forums.buyscripts.in/viewtopic.php?f=7&t=3389"
}
]
}
}

200
2008/2xxx/CVE-2008-2582.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2582", "ID": "CVE-2008-2582",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 has unknown impact and remote attack vectors."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2115", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2115" ]
}, },
{ "references": {
"name" : "ADV-2008-2109", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2109/references" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
"name" : "1020498", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020498" "name": "ADV-2008-2115",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2115"
"name" : "31113", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31113" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name" : "31087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31087" "name": "HPSBMA02133",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name" : "oracle-weblogic-dos(43825)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825" "name": "ADV-2008-2109",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2109/references"
} },
} {
"name": "oracle-weblogic-dos(43825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43825"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
},
{
"name": "1020498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020498"
}
]
}
}

170
2008/2xxx/CVE-2008-2889.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2889", "ID": "CVE-2008-2889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://vuln.sg/wiseftp558-en.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://vuln.sg/wiseftp558-en.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345."
{ }
"name" : "http://www.wise-ftp.com/news/index.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wise-ftp.com/news/index.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29844", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29844" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1898", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1898/references" ]
}, },
{ "references": {
"name" : "30663", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30663" "name": "30663",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30663"
"name" : "30788", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30788" "name": "29844",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29844"
} },
} {
"name": "ADV-2008-1898",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1898/references"
},
{
"name": "30788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30788"
},
{
"name": "http://www.wise-ftp.com/news/index.htm",
"refsource": "CONFIRM",
"url": "http://www.wise-ftp.com/news/index.htm"
},
{
"name": "http://vuln.sg/wiseftp558-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/wiseftp558-en.html"
}
]
}
}

140
2008/3xxx/CVE-2008-3439.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3439", "ID": "CVE-2008-3439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" "lang": "eng",
}, "value": "SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
{ }
"name" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", "description": [
"refsource" : "MISC", {
"url" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
},
{
"name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
},
{
"name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
}
]
}
}

150
2008/3xxx/CVE-2008-3559.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3559", "ID": "CVE-2008-3559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30567.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30567.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "30567", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30567" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31369", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31369" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "kaphotoservice-search-order-xss(44271)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44271" ]
} },
] "references": {
} "reference_data": [
} {
"name": "31369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31369"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30567.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30567.html"
},
{
"name": "30567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30567"
},
{
"name": "kaphotoservice-search-order-xss(44271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44271"
}
]
}
}

290
2008/3xxx/CVE-2008-3691.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3691", "ID": "CVE-2008-3691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495869/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696."
{ }
"name" : "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vmware.com/support/ace/doc/releasenotes_ace.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/ace/doc/releasenotes_ace.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html" ]
}, },
{ "references": {
"name" : "http://www.vmware.com/support/player/doc/releasenotes_player.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/player/doc/releasenotes_player.html" "name": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2008-0014.html"
"name" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/player2/doc/releasenotes_player2.html" "name": "31709",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31709"
"name" : "http://www.vmware.com/support/server/doc/releasenotes_server.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/server/doc/releasenotes_server.html" "name": "http://www.vmware.com/support/server/doc/releasenotes_server.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/server/doc/releasenotes_server.html"
"name" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html" "name": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"
"name" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html" "name": "1020791",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020791"
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0014.html" "name": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html"
"name" : "30934", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30934" "name": "31710",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31710"
"name" : "ADV-2008-2466", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2466" "name": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/ace/doc/releasenotes_ace.html"
"name" : "1020791", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020791" "name": "30934",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30934"
"name" : "31707", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31707" "name": "http://www.vmware.com/support/player/doc/releasenotes_player.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/player/doc/releasenotes_player.html"
"name" : "31708", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31708" "name": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"
"name" : "31709", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31709" "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/495869/100/0/threaded"
"name" : "31710", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31710" "name": "20080830 VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064118.html"
"name" : "4202", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4202" "name": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html",
} "refsource": "CONFIRM",
] "url": "http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html"
} },
} {
"name": "31707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31707"
},
{
"name": "31708",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31708"
},
{
"name": "4202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4202"
},
{
"name": "ADV-2008-2466",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2466"
}
]
}
}

140
2008/4xxx/CVE-2008-4540.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4540", "ID": "CVE-2008-4540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081008 Windows Mobile 6 insecure password handling and too short WLAN-password", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/497151/100/0/threaded" "lang": "eng",
}, "value": "Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access."
{ }
"name" : "4402", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4402" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "windowsmobile-hermes-security-bypass(45857)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4402",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4402"
},
{
"name": "windowsmobile-hermes-security-bypass(45857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45857"
},
{
"name": "20081008 Windows Mobile 6 insecure password handling and too short WLAN-password",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497151/100/0/threaded"
}
]
}
}

140
2008/6xxx/CVE-2008-6088.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6088", "ID": "CVE-2008-6088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6709", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6709" "lang": "eng",
}, "value": "SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php."
{ }
"name" : "31676", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31676" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "joomtracker-index-sql-injection(45798)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45798" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "joomtracker-index-sql-injection(45798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45798"
},
{
"name": "6709",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6709"
},
{
"name": "31676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31676"
}
]
}
}

150
2008/6xxx/CVE-2008-6151.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6151", "ID": "CVE-2008-6151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7609", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7609" "lang": "eng",
}, "value": "SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter."
{ }
"name" : "33039", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33358", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33358" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "shoppingmall-shpdetails-sql-injection(47622)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47622" ]
} },
] "references": {
} "reference_data": [
} {
"name": "shoppingmall-shpdetails-sql-injection(47622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47622"
},
{
"name": "7609",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7609"
},
{
"name": "33358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33358"
},
{
"name": "33039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33039"
}
]
}
}

150
2008/6xxx/CVE-2008-6416.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6416", "ID": "CVE-2008-6416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"internal pages.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.greensql.net/node/70", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.greensql.net/node/70" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"internal pages.\""
{ }
"name" : "45870", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/45870" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30475", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30475" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "greensqlconsole-unspecified-xss(42771)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42771" ]
} },
] "references": {
} "reference_data": [
} {
"name": "45870",
"refsource": "OSVDB",
"url": "http://osvdb.org/45870"
},
{
"name": "http://www.greensql.net/node/70",
"refsource": "CONFIRM",
"url": "http://www.greensql.net/node/70"
},
{
"name": "30475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30475"
},
{
"name": "greensqlconsole-unspecified-xss(42771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42771"
}
]
}
}

190
2008/6xxx/CVE-2008-6614.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6614", "ID": "CVE-2008-6614",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080512 [SkyOut/Wired Security] SQL Injection in IDB Micro CMS 3.5 (Login Bypass)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0344.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field)."
{ }
"name" : "9699", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/9699" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt", "description": [
"refsource" : "MISC", {
"url" : "http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.securityfocus.com/bid/29159/exploit", ]
"refsource" : "MISC", }
"url" : "http://www.securityfocus.com/bid/29159/exploit" ]
}, },
{ "references": {
"name" : "29159", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29159" "name": "9699",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/9699"
"name" : "51298", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51298" "name": "20080512 [SkyOut/Wired Security] SQL Injection in IDB Micro CMS 3.5 (Login Bypass)",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0344.html"
"name" : "ibdmicrocms-microcmsadmin-sql-injection(42539)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42539" "name": "29159",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29159"
"name" : "microcms-microcmsadmin-sql-injection(53272)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53272" "name": "http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt",
} "refsource": "MISC",
] "url": "http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt"
} },
} {
"name": "51298",
"refsource": "OSVDB",
"url": "http://osvdb.org/51298"
},
{
"name": "http://www.securityfocus.com/bid/29159/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/29159/exploit"
},
{
"name": "ibdmicrocms-microcmsadmin-sql-injection(42539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42539"
},
{
"name": "microcms-microcmsadmin-sql-injection(53272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53272"
}
]
}
}

160
2008/6xxx/CVE-2008-6642.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6642", "ID": "CVE-2008-6642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5509", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5509" "lang": "eng",
}, "value": "SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "28965", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28965" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "44831", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/44831" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29970", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29970" ]
}, },
{ "references": {
"name" : "fluentcms-view-sql-injection(42048)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42048" "name": "29970",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29970"
} },
} {
"name": "5509",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5509"
},
{
"name": "28965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28965"
},
{
"name": "44831",
"refsource": "OSVDB",
"url": "http://osvdb.org/44831"
},
{
"name": "fluentcms-view-sql-injection(42048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42048"
}
]
}
}

160
2008/6xxx/CVE-2008-6743.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6743", "ID": "CVE-2008-6743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7497", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7497" "lang": "eng",
}, "value": "RSMScript 1.21 allows remote attackers to bypass authentication and gain administrative privileges by setting the verified cookie to an arbitrary value and performing a direct request to (1) delete.php, (2) edit-submit.php, (3) edit.php, (4) submit.php, and (5) update.php, which bypasses the security check that is performed by verify.php."
{ }
"name" : "32886", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32886" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50802", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50802" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33150", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33150" ]
}, },
{ "references": {
"name" : "rsmscript-verify-security-bypass(47451)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47451" "name": "rsmscript-verify-security-bypass(47451)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47451"
} },
} {
"name": "50802",
"refsource": "OSVDB",
"url": "http://osvdb.org/50802"
},
{
"name": "32886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32886"
},
{
"name": "7497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7497"
},
{
"name": "33150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33150"
}
]
}
}

150
2013/2xxx/CVE-2013-2004.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2004", "ID": "CVE-2013-2004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" "lang": "eng",
}, "value": "The (1) GetDatabase and (2) _XimParseStringFile functions in X.org libX11 1.5.99.901 (1.6 RC1) and earlier do not restrict the recursion depth when processing directives to include files, which allows X servers to cause a denial of service (stack consumption) via a crafted file."
{ }
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", ]
"refsource" : "CONFIRM", },
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2693", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2693" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1854-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1854-1" ]
} },
] "references": {
} "reference_data": [
} {
"name": "USN-1854-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1854-1"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
},
{
"name": "DSA-2693",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2693"
}
]
}
}

430
2013/2xxx/CVE-2013-2424.json
View File

@ -1,217 +1,217 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2424", "ID": "CVE-2013-2424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient class access checks\" when \"creating new instances\" using MBeanInstantiator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"insufficient class access checks\" when \"creating new instances\" using MBeanInstantiator."
{ }
"name" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9", ]
"refsource" : "MISC", },
"url" : "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952509", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952509" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" ]
}, },
{ "references": {
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/" "name": "oval:org.mitre.oval:def:19594",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19594"
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/", },
"refsource" : "CONFIRM", {
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/" "name": "SUSE-SU-2013:0835",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130" "name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
}, "refsource": "MLIST",
{ "url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
"name" : "APPLE-SA-2013-04-16-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html" "name": "SUSE-SU-2013:0871",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "RHSA-2013:0758",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
"name" : "HPSBUX02889", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=952509",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=952509"
"name" : "SSRT101252", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2" "name": "APPLE-SA-2013-04-16-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
"name" : "HPSBUX02922", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "MDVSA-2013:145",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
"name" : "SSRT101305", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880" "name": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9",
}, "refsource": "MISC",
{ "url": "http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/da1867780fc9"
"name" : "MDVSA-2013:145", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145" "name": "TA13-107A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
"name" : "MDVSA-2013:161", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161" "name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
}, "refsource": "CONFIRM",
{ "url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
"name" : "RHSA-2013:0752", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html" "name": "SSRT101252",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
"name" : "RHSA-2013:0757", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
"name" : "RHSA-2013:0758", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SSRT101305",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "RHSA-2013:0757",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
"name" : "SUSE-SU-2013:0814", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html" "name": "HPSBUX02922",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name" : "openSUSE-SU-2013:0777", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html" "name": "oval:org.mitre.oval:def:16314",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16314"
"name" : "SUSE-SU-2013:0835", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
"name" : "SUSE-SU-2013:0871", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html" "name": "openSUSE-SU-2013:0777",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
"name" : "openSUSE-SU-2013:0964", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html" "name": "MDVSA-2013:161",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
"name" : "USN-1806-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1806-1" "name": "openSUSE-SU-2013:0964",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
"name" : "TA13-107A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "name": "RHSA-2013:0752",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
"name" : "59159", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59159" "name": "oval:org.mitre.oval:def:19656",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19656"
"name" : "oval:org.mitre.oval:def:16314", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16314" "name": "59159",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/59159"
"name" : "oval:org.mitre.oval:def:19594", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19594" "name": "USN-1806-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1806-1"
"name" : "oval:org.mitre.oval:def:19656", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19656" "name": "RHSA-2013:1456",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
} },
} {
"name": "SUSE-SU-2013:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
}
]
}
}

120
2013/2xxx/CVE-2013-2645.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2645", "ID": "CVE-2013-2645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka \"FTP directory traversal\") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php" "lang": "eng",
} "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka \"FTP directory traversal\") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php",
"refsource": "MISC",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php"
}
]
}
}

34
2017/11xxx/CVE-2017-11138.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11138", "ID": "CVE-2017-11138",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/11xxx/CVE-2017-11167.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11167", "ID": "CVE-2017-11167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager \"Add Site\" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.03sec.com/3169.shtml", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.03sec.com/3169.shtml" "lang": "eng",
} "value": "FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager \"Add Site\" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.03sec.com/3169.shtml",
"refsource": "MISC",
"url": "http://www.03sec.com/3169.shtml"
}
]
}
}

150
2017/11xxx/CVE-2017-11383.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2017-11383", "ID": "CVE-2017-11383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-493", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-493" "lang": "eng",
}, "value": "SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560."
{ }
"name" : "https://success.trendmicro.com/solution/1117722", ]
"refsource" : "MISC", },
"url" : "https://success.trendmicro.com/solution/1117722" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100078", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100078" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1039049", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039049" ]
} },
] "references": {
} "reference_data": [
} {
"name": "100078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100078"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-493",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-493"
},
{
"name": "1039049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039049"
},
{
"name": "https://success.trendmicro.com/solution/1117722",
"refsource": "MISC",
"url": "https://success.trendmicro.com/solution/1117722"
}
]
}
}

120
2017/11xxx/CVE-2017-11500.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11500", "ID": "CVE-2017-11500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/" "lang": "eng",
} "value": "A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/",
"refsource": "MISC",
"url": "http://blackwolfsec.cc/2017/07/20/Metinfo-directory-traversal-bypass/"
}
]
}
}

150
2017/14xxx/CVE-2017-14225.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14225", "ID": "CVE-2017-14225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2" "lang": "eng",
}, "value": "The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.)"
{ }
"name" : "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-August/215198.html", ]
"refsource" : "MISC", },
"url" : "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-August/215198.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3996", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3996" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "100704", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/100704" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2"
},
{
"name": "100704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100704"
},
{
"name": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-August/215198.html",
"refsource": "MISC",
"url": "https://lists.ffmpeg.org/pipermail/ffmpeg-devel/2017-August/215198.html"
},
{
"name": "DSA-3996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996"
}
]
}
}

120
2017/14xxx/CVE-2017-14307.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14307", "ID": "CVE-2017-14307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14307", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14307" "lang": "eng",
} "value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14307",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14307"
}
]
}
}

140
2017/14xxx/CVE-2017-14322.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14322", "ID": "CVE-2017-14322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44513", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44513/" "lang": "eng",
}, "value": "The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a specially crafted value."
{ }
"name" : "20171017 [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Oct/39" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html", "description": [
"refsource" : "MISC", {
"url" : "https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "44513",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44513/"
},
{
"name": "20171017 [CVE-2017-14322] Interspire Email Marketer - Remote Admin Authentication Bypass",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Oct/39"
},
{
"name": "https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html",
"refsource": "MISC",
"url": "https://security.infoteam.ch/en/blog/posts/narrative-of-an-incident-response-from-compromise-to-the-publication-of-the-weakness.html"
}
]
}
}

140
2017/14xxx/CVE-2017-14369.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-14369", "ID": "CVE-2017-14369",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Archer GRC Platform prior to 6.2.0.5", "product_name": "RSA Archer GRC Platform prior to 6.2.0.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Archer GRC Platform prior to 6.2.0.5" "version_value": "RSA Archer GRC Platform prior to 6.2.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Oct/12", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seclists.org/fulldisclosure/2017/Oct/12" "lang": "eng",
}, "value": "RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records."
{ }
"name" : "101195", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101195" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039518", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039518" "lang": "eng",
} "value": "Privilege Escalation Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101195"
},
{
"name": "1039518",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039518"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Oct/12",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Oct/12"
}
]
}
}

140
2017/14xxx/CVE-2017-14378.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-14378", "ID": "CVE-2017-14378",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Authentication Agent SDK RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C", "product_name": "RSA Authentication Agent SDK RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Authentication Agent SDK RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C" "version_value": "RSA Authentication Agent SDK RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an \"Error Handling Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Error Handling Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Nov/48", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seclists.org/fulldisclosure/2017/Nov/48" "lang": "eng",
}, "value": "EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an \"Error Handling Vulnerability.\""
{ }
"name" : "101979", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101979" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039877", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039877" "lang": "eng",
} "value": "Error Handling Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039877"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Nov/48",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Nov/48"
},
{
"name": "101979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101979"
}
]
}
}

180
2017/14xxx/CVE-2017-14489.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14489", "ID": "CVE-2017-14489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42932", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42932/" "lang": "eng",
}, "value": "The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490421", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1490421" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://patchwork.kernel.org/patch/9923803/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://patchwork.kernel.org/patch/9923803/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3981", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3981" ]
}, },
{ "references": {
"name" : "USN-3583-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3583-1/" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1490421",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490421"
"name" : "USN-3583-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3583-2/" "name": "USN-3583-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3583-2/"
"name" : "101011", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101011" "name": "https://patchwork.kernel.org/patch/9923803/",
} "refsource": "CONFIRM",
] "url": "https://patchwork.kernel.org/patch/9923803/"
} },
} {
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "101011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101011"
},
{
"name": "42932",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42932/"
}
]
}
}

120
2017/14xxx/CVE-2017-14561.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14561", "ID": "CVE-2017-14561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14561", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14561" "lang": "eng",
} "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14561",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14561"
}
]
}
}

120
2017/15xxx/CVE-2017-15044.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15044", "ID": "CVE-2017-15044",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/541548", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/archive/1/541548" "lang": "eng",
} "value": "The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. An attacker can also gain privileges by modifying text. The default installation is unsafe because the server listens on the network interface, not the localhost interface."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/archive/1/541548",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/541548"
}
]
}
}

120
2017/15xxx/CVE-2017-15251.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15251", "ID": "CVE-2017-15251",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15251", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15251" "lang": "eng",
} "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to \"Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x00000000000e7326.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15251",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15251"
}
]
}
}

34
2017/15xxx/CVE-2017-15421.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15421", "ID": "CVE-2017-15421",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

134
2017/15xxx/CVE-2017-15717.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-01-10T00:00:00", "DATE_PUBLIC": "2018-01-10T00:00:00",
"ID" : "CVE-2017-15717", "ID": "CVE-2017-15717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Sling", "product_name": "Apache Sling",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "XSS Protection API 1.0.4 to 1.0.18" "version_value": "XSS Protection API 1.0.4 to 1.0.18"
}, },
{ {
"version_value" : "XSS Protection API Compat 1.1.0" "version_value": "XSS Protection API Compat 1.1.0"
}, },
{ {
"version_value" : "XSS Protection API 2.0.0" "version_value": "XSS Protection API 2.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient XSS protection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API", "description_data": [
"refsource" : "MLIST", {
"url" : "https://s.apache.org/CVE-2017-15717" "lang": "eng",
} "value": "A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient XSS protection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[users] 20180110 CVE-2017-15717: Insufficient XSS protection for HREF attributes in Apache Sling XSS Protection API",
"refsource": "MLIST",
"url": "https://s.apache.org/CVE-2017-15717"
}
]
}
}

34
2017/15xxx/CVE-2017-15819.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15819", "ID": "CVE-2017-15819",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/8xxx/CVE-2017-8019.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-8019", "ID": "CVE-2017-8019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)", "product_name": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)" "version_value": "EMC ScaleIO EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Nov/35", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seclists.org/fulldisclosure/2017/Nov/35" "lang": "eng",
}, "value": "An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation."
{ }
"name" : "101991", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101991" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101991"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Nov/35",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Nov/35"
}
]
}
}

122
2017/8xxx/CVE-2017-8183.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8183", "ID": "CVE-2017-8183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nice-AL00", "product_name": "Nice-AL00",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions" "version_value": "Earlier than Nice-AL00C00B160 versions, Earlier than Nice-AL10C00B140 versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "any memory access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en" "lang": "eng",
} "value": "MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given parameter to cause to any memory access vulnerabilities, leading to sensitive information leakage."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "any memory access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-mtk-en"
}
]
}
}

34
2017/8xxx/CVE-2017-8429.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8429", "ID": "CVE-2017-8429",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/9xxx/CVE-2017-9037.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9037", "ID": "CVE-2017-9037",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/May/91" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) S_action_fail, (4) S_ptn_update, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) T_action_fail, (11) T_ptn_update, (12) textarea, (13) textfield5, or (14) tmLastConfigFileModifiedDate parameter to notification.cgi."
{ }
"name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://success.trendmicro.com/solution/1117411", ]
"refsource" : "CONFIRM", }
"url" : "https://success.trendmicro.com/solution/1117411" ]
}, },
{ "references": {
"name" : "1038548", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038548" "name": "1038548",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1038548"
} },
} {
"name": "https://success.trendmicro.com/solution/1117411",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117411"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
},
{
"name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/May/91"
},
{
"name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
}
]
}
}

34
2017/9xxx/CVE-2017-9322.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-9322", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-9322",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

124
2018/1000xxx/CVE-2018-1000032.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-02-01 0:00:00", "DATE_ASSIGNED": "2018-02-01 0:00:00",
"ID" : "CVE-2018-1000032", "ID": "CVE-2018-1000032",
"REQUESTER" : "research@sec-consult.com", "REQUESTER": "research@sec-consult.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "UnZip", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.10c22" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "InfoZip" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap-based Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html" "lang": "eng",
} "value": "A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000143.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-05", "DATE_ASSIGNED": "2018-04-05",
"ID" : "CVE-2018-1000143", "ID": "CVE-2018-1000143",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins GitHub Pull Request Builder Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.32.0 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-260"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262" "lang": "eng",
} "value": "An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system access to obtain GitHub credentials."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-262"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000827.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.464248", "DATE_ASSIGNED": "2018-11-27T13:54:33.464248",
"DATE_REQUESTED" : "2018-10-28T03:56:49", "DATE_REQUESTED": "2018-10-28T03:56:49",
"ID" : "CVE-2018-1000827", "ID": "CVE-2018-1000827",
"REQUESTER" : "sajeeb@0dd.zone", "REQUESTER": "sajeeb@0dd.zone",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Ubilling", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<= 0.9.2" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Ubilling" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other/Unknown"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://0dd.zone/2018/10/28/ubilling-Object-Injection/", "description_data": [
"refsource" : "MISC", {
"url" : "https://0dd.zone/2018/10/28/ubilling-Object-Injection/" "lang": "eng",
}, "value": "Ubilling version <= 0.9.2 contains a Other/Unknown vulnerability in user-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution."
{ }
"name" : "https://github.com/nightflyza/Ubilling/issues/330", ]
"refsource" : "MISC", },
"url" : "https://github.com/nightflyza/Ubilling/issues/330" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0dd.zone/2018/10/28/ubilling-Object-Injection/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/10/28/ubilling-Object-Injection/"
},
{
"name": "https://github.com/nightflyza/Ubilling/issues/330",
"refsource": "MISC",
"url": "https://github.com/nightflyza/Ubilling/issues/330"
}
]
}
}

34
2018/12xxx/CVE-2018-12297.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12297", "ID": "CVE-2018-12297",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/12xxx/CVE-2018-12564.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12564", "ID": "CVE-2018-12564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180628 [SECURITY] [DLA 1404-1] lava-server security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00011.html" "lang": "eng",
}, "value": "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml."
{ }
"name" : "https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3", ]
"refsource" : "CONFIRM", },
"url" : "https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4234", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4234" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1404-1] lava-server security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00011.html"
},
{
"name": "DSA-4234",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4234"
},
{
"name": "https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3",
"refsource": "CONFIRM",
"url": "https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3"
}
]
}
}

34
2018/12xxx/CVE-2018-12570.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12570", "ID": "CVE-2018-12570",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/13xxx/CVE-2018-13269.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-13269", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-13269",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

130
2018/13xxx/CVE-2018-13465.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13465", "ID": "CVE-2018-13465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for PaulyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PaulyCoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PaulyCoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PaulyCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PaulyCoin"
}
]
}
}

130
2018/13xxx/CVE-2018-13669.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13669", "ID": "CVE-2018-13669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for NCU, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NCU", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NCU" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NCU",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NCU"
}
]
}
}

130
2018/16xxx/CVE-2018-16007.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-16007", "ID": "CVE-2018-16007",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "106160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106160" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name": "106160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106160"
}
]
}
}

130
2018/16xxx/CVE-2018-16040.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-16040", "ID": "CVE-2018-16040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "106164", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106164" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106164"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/16xxx/CVE-2018-16086.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16086", "ID": "CVE-2018-16086",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/16xxx/CVE-2018-16402.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16402", "ID": "CVE-2018-16402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23528", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23528" "lang": "eng",
} "value": "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23528",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23528"
}
]
}
}

120
2018/16xxx/CVE-2018-16548.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16548", "ID": "CVE-2018-16548",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/gdraheim/zziplib/issues/58", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/gdraheim/zziplib/issues/58" "lang": "eng",
} "value": "An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gdraheim/zziplib/issues/58",
"refsource": "MISC",
"url": "https://github.com/gdraheim/zziplib/issues/58"
}
]
}
}

34
2018/16xxx/CVE-2018-16690.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16690", "ID": "CVE-2018-16690",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4575.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4575", "ID": "CVE-2018-4575",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4694.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4694", "ID": "CVE-2018-4694",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4710.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4710", "ID": "CVE-2018-4710",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }