admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:35:54 +00:00
parent 4d78789d60
commit 81235666a4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4021 additions and 4021 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

350
2004/0xxx/CVE-2004-0177.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CLA-2004:846",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846"
},
{
"name" : "DSA-479",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-479"
},
{
"name" : "DSA-480",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-480"
},
{
"name" : "DSA-481",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-481"
},
{
"name" : "DSA-482",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-482"
},
{
"name" : "DSA-489",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-489"
},
{
"name" : "DSA-491",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-491"
},
{
"name" : "DSA-495",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-495"
},
{
"name" : "ESA-20040428-004",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
},
{
"name" : "FLSA:2336",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
},
{
"name" : "GLSA-200407-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml"
},
{
"name" : "MDKSA-2004:029",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
},
{
"name" : "RHSA-2004:166",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2004-166.html"
},
{
"name" : "RHSA-2005:293",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html"
},
{
"name" : "RHSA-2004:504",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name" : "RHSA-2004:505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html"
},
{
"name" : "2004-0020",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=108213675028441&w=2"
},
{
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ",
"refsource" : "MISC",
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ"
},
{
"name" : "O-121",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-121.shtml"
},
{
"name" : "O-126",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-126.shtml"
},
{
"name" : "O-127",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-127.shtml"
},
{
"name" : "10152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10152"
},
{
"name" : "oval:org.mitre.oval:def:10556",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
},
{
"name" : "linux-ext3-info-disclosure(15867)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "O-127",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
},
{
"name": "2004-0020",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2"
},
{
"name": "FLSA:2336",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
},
{
"name": "DSA-482",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-482"
},
{
"name": "DSA-495",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-495"
},
{
"name": "DSA-479",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-479"
},
{
"name": "linux-ext3-info-disclosure(15867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15867"
},
{
"name": "DSA-480",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-480"
},
{
"name": "10152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10152"
},
{
"name": "CLA-2004:846",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846"
},
{
"name": "DSA-489",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-489"
},
{
"name": "DSA-481",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-481"
},
{
"name": "oval:org.mitre.oval:def:10556",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10556"
},
{
"name": "RHSA-2005:293",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
},
{
"name": "ESA-20040428-004",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
},
{
"name": "RHSA-2004:505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
},
{
"name": "O-121",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
},
{
"name": "O-126",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-126.shtml"
},
{
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name": "MDKSA-2004:029",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
},
{
"name": "GLSA-200407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
},
{
"name": "RHSA-2004:166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ",
"refsource": "MISC",
"url": "http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ"
},
{
"name": "DSA-491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-491"
}
]
}
}

34
2004/1xxx/CVE-2004-1246.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1246",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1246",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2004/1xxx/CVE-2004-1466.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html"
},
{
"name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0"
},
{
"name" : "GLSA-200409-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-05.xml"
},
{
"name" : "10968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10968"
},
{
"name" : "gallery-savephotos-file-upload(17021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10968"
},
{
"name": "gallery-savephotos-file-upload(17021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17021"
},
{
"name": "20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html"
},
{
"name": "GLSA-200409-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-05.xml"
},
{
"name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0"
}
]
}
}

160
2004/1xxx/CVE-2004-1847.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107999733503496&w=2"
},
{
"name" : "9935",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9935"
},
{
"name" : "1009507",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009507"
},
{
"name" : "11180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11180"
},
{
"name" : "news-manager-admin-access(15550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11180"
},
{
"name": "9935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9935"
},
{
"name": "1009507",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009507"
},
{
"name": "news-manager-admin-access(15550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15550"
},
{
"name": "20040322 Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107999733503496&w=2"
}
]
}
}

150
2004/1xxx/CVE-2004-1874.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108057887008983&w=2"
},
{
"name" : "9997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9997"
},
{
"name" : "11236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11236"
},
{
"name" : "acart-deliverasp-billingasp-xss(15660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040329 A-CART Pro & A-CART 2.0 Input Validation Holes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108057887008983&w=2"
},
{
"name": "11236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11236"
},
{
"name": "9997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9997"
},
{
"name": "acart-deliverasp-billingasp-xss(15660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15660"
}
]
}
}

120
2004/1xxx/CVE-2004-1891.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1891",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ftp_syslog function in ftpd in SGI IRIX 6.5.20 \"doesn't work with anonymous FTP,\" which has an unknown impact, possibly preventing the actions of anonymous users from being logged."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040401-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ftp_syslog function in ftpd in SGI IRIX 6.5.20 \"doesn't work with anonymous FTP,\" which has an unknown impact, possibly preventing the actions of anonymous users from being logged."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040401-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc"
}
]
}
}

180
2008/3xxx/CVE-2008-3317.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6066",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6066"
},
{
"name" : "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html"
},
{
"name" : "http://www.maianscriptworld.co.uk/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.maianscriptworld.co.uk/news.html"
},
{
"name" : "30211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30211"
},
{
"name" : "31075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31075"
},
{
"name" : "4042",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4042"
},
{
"name" : "maiansearch-index-security-bypass(43753)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.maianscriptworld.co.uk/news.html",
"refsource": "CONFIRM",
"url": "http://www.maianscriptworld.co.uk/news.html"
},
{
"name": "6066",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6066"
},
{
"name": "31075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31075"
},
{
"name": "4042",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4042"
},
{
"name": "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html",
"refsource": "CONFIRM",
"url": "http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html"
},
{
"name": "30211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30211"
},
{
"name": "maiansearch-index-security-bypass(43753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43753"
}
]
}
}

210
2008/3xxx/CVE-2008-3631.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3129",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3129"
},
{
"name" : "http://support.apple.com/kb/HT3026",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3026"
},
{
"name" : "APPLE-SA-2008-09-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2008-09-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name" : "31092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31092"
},
{
"name" : "ADV-2008-2558",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name" : "ADV-2008-2525",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name" : "1020846",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020846"
},
{
"name" : "31900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31900"
},
{
"name" : "31823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "1020846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020846"
},
{
"name": "http://support.apple.com/kb/HT3026",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "http://support.apple.com/kb/HT3129",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
]
}
}

210
2008/3xxx/CVE-2008-3794.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6293",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6293"
},
{
"name" : "[oss-security] 20080824 Re: CVE id request: vlc",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/24/3"
},
{
"name" : "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( Rémi Denis-Courmont )",
"refsource" : "MLIST",
"url" : "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html"
},
{
"name" : "http://www.orange-bat.com/adv/2008/adv.08.24.txt",
"refsource" : "MISC",
"url" : "http://www.orange-bat.com/adv/2008/adv.08.24.txt"
},
{
"name" : "GLSA-200809-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200809-06.xml"
},
{
"name" : "30806",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30806"
},
{
"name" : "oval:org.mitre.oval:def:14531",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531"
},
{
"name" : "1020759",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020759"
},
{
"name" : "4190",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4190"
},
{
"name" : "vlcmediaplayer-memmove-bo(44659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.orange-bat.com/adv/2008/adv.08.24.txt",
"refsource": "MISC",
"url": "http://www.orange-bat.com/adv/2008/adv.08.24.txt"
},
{
"name": "30806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30806"
},
{
"name": "oval:org.mitre.oval:def:14531",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531"
},
{
"name": "[vlc-devel] 20080824 commit: MMS integers handling fixes, including buffer overflow ( R\u00e9mi Denis-Courmont )",
"refsource": "MLIST",
"url": "http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html"
},
{
"name": "6293",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6293"
},
{
"name": "vlcmediaplayer-memmove-bo(44659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44659"
},
{
"name": "1020759",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020759"
},
{
"name": "4190",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4190"
},
{
"name": "[oss-security] 20080824 Re: CVE id request: vlc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/24/3"
},
{
"name": "GLSA-200809-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-06.xml"
}
]
}
}

330
2008/3xxx/CVE-2008-3873.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.zdnet.com/security/?p=1733",
"refsource" : "MISC",
"url" : "http://blogs.zdnet.com/security/?p=1733"
},
{
"name" : "http://blogs.zdnet.com/security/?p=1759",
"refsource" : "MISC",
"url" : "http://blogs.zdnet.com/security/?p=1759"
},
{
"name" : "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html",
"refsource" : "CONFIRM",
"url" : "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html"
},
{
"name" : "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-18.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
},
{
"name" : "GLSA-200903-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name" : "RHSA-2008:0945",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
},
{
"name" : "RHSA-2008:0980",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name" : "248586",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name" : "SUSE-SR:2008:025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name" : "31117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31117"
},
{
"name" : "34226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34226"
},
{
"name" : "ADV-2008-2838",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2838"
},
{
"name" : "1020724",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020724"
},
{
"name" : "32448",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32448"
},
{
"name" : "32759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32759"
},
{
"name" : "32702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32702"
},
{
"name" : "33390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33390"
},
{
"name" : "adobe-flash-setclipboard-hijacking(44584)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
},
{
"name": "33390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33390"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-18.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-18.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "32702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32702"
},
{
"name": "adobe-flash-setclipboard-hijacking(44584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44584"
},
{
"name": "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes.html"
},
{
"name": "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html",
"refsource": "CONFIRM",
"url": "http://blogs.adobe.com/psirt/2008/08/clipboard_attack.html"
},
{
"name": "34226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34226"
},
{
"name": "ADV-2008-2838",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2838"
},
{
"name": "http://blogs.zdnet.com/security/?p=1733",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=1733"
},
{
"name": "GLSA-200903-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name": "1020724",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020724"
},
{
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name": "RHSA-2008:0945",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0945.html"
},
{
"name": "RHSA-2008:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "31117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31117"
},
{
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "32448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32448"
},
{
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
},
{
"name": "http://blogs.zdnet.com/security/?p=1759",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=1759"
}
]
}
}

250
2008/4xxx/CVE-2008-4178.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6946",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6946"
},
{
"name" : "6947",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6947"
},
{
"name" : "6951",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6951"
},
{
"name" : "6950",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6950"
},
{
"name" : "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt"
},
{
"name" : "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt"
},
{
"name" : "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt"
},
{
"name" : "31169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31169"
},
{
"name" : "ADV-2008-2992",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2992"
},
{
"name" : "ADV-2008-2994",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2994"
},
{
"name" : "ADV-2008-2995",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2995"
},
{
"name" : "31812",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31812"
},
{
"name" : "ADV-2008-2993",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2993"
},
{
"name" : "downlinegoldmine-tr-sql-injection(45128)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6947",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6947"
},
{
"name": "ADV-2008-2993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2993"
},
{
"name": "ADV-2008-2992",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2992"
},
{
"name": "downlinegoldmine-tr-sql-injection(45128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45128"
},
{
"name": "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt"
},
{
"name": "31169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31169"
},
{
"name": "6950",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6950"
},
{
"name": "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt"
},
{
"name": "6951",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6951"
},
{
"name": "ADV-2008-2995",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2995"
},
{
"name": "6946",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6946"
},
{
"name": "31812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31812"
},
{
"name": "ADV-2008-2994",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2994"
},
{
"name": "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt"
}
]
}
}

270
2008/4xxx/CVE-2008-4609.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
"refsource" : "MLIST",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
},
{
"name" : "http://blog.robertlee.name/2008/10/conjecture-speculation.html",
"refsource" : "MISC",
"url" : "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
},
{
"name" : "http://insecure.org/stf/tcp-dos-attack-explained.html",
"refsource" : "MISC",
"url" : "http://insecure.org/stf/tcp-dos-attack-explained.html"
},
{
"name" : "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked",
"refsource" : "MISC",
"url" : "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
},
{
"name" : "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf",
"refsource" : "MISC",
"url" : "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
},
{
"name" : "http://www.outpost24.com/news/news-2008-10-02.html",
"refsource" : "MISC",
"url" : "http://www.outpost24.com/news/news-2008-10-02.html"
},
{
"name" : "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html",
"refsource" : "MISC",
"url" : "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
},
{
"name" : "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
},
{
"name" : "HPSBMI02473",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125856010926699&w=2"
},
{
"name" : "SSRT080138",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125856010926699&w=2"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "MS09-048",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
},
{
"name" : "TA09-251A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"name" : "oval:org.mitre.oval:def:6340",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.robertlee.name/2008/10/conjecture-speculation.html",
"refsource": "MISC",
"url": "http://blog.robertlee.name/2008/10/conjecture-speculation.html"
},
{
"name": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html",
"refsource": "MISC",
"url": "https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html"
},
{
"name": "HPSBMI02473",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125856010926699&w=2"
},
{
"name": "[dailydave] 20081002 TCP Resource Exhaustion DoS Attack Speculation",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html"
},
{
"name": "http://insecure.org/stf/tcp-dos-attack-explained.html",
"refsource": "MISC",
"url": "http://insecure.org/stf/tcp-dos-attack-explained.html"
},
{
"name": "http://www.outpost24.com/news/news-2008-10-02.html",
"refsource": "MISC",
"url": "http://www.outpost24.com/news/news-2008-10-02.html"
},
{
"name": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf",
"refsource": "MISC",
"url": "http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf"
},
{
"name": "20090908 TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml"
},
{
"name": "TA09-251A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "20081017 Cisco Response to Outpost24 TCP State Table Manipulation Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html"
},
{
"name": "MS09-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048"
},
{
"name": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked",
"refsource": "MISC",
"url": "http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked"
},
{
"name": "oval:org.mitre.oval:def:6340",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "SSRT080138",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125856010926699&w=2"
}
]
}
}

120
2008/4xxx/CVE-2008-4724.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "31855",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31855"
}
]
}
}

150
2008/6xxx/CVE-2008-6011.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6631",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6631"
},
{
"name" : "6634",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6634"
},
{
"name" : "31489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31489"
},
{
"name" : "sgrealestateportal-index-sql-injection(45568)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6631",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6631"
},
{
"name": "31489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31489"
},
{
"name": "sgrealestateportal-index-sql-injection(45568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45568"
},
{
"name": "6634",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6634"
}
]
}
}

170
2008/6xxx/CVE-2008-6213.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081030 harlandscripts Mypage.php Sql Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497946"
},
{
"name" : "6874",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6874"
},
{
"name" : "31986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31986"
},
{
"name" : "32467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32467"
},
{
"name" : "ADV-2008-2964",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2964"
},
{
"name" : "protrafficone-mypage-sql-injection(46207)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46207"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31986"
},
{
"name": "protrafficone-mypage-sql-injection(46207)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46207"
},
{
"name": "ADV-2008-2964",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2964"
},
{
"name": "32467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32467"
},
{
"name": "6874",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6874"
},
{
"name": "20081030 harlandscripts Mypage.php Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497946"
}
]
}
}

150
2008/6xxx/CVE-2008-6245.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6910",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6910"
},
{
"name" : "32033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32033"
},
{
"name" : "32552",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32552"
},
{
"name" : "ezbizpro-track-sql-injection(46280)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46280"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ezbizpro-track-sql-injection(46280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46280"
},
{
"name": "6910",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6910"
},
{
"name": "32033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32033"
},
{
"name": "32552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32552"
}
]
}
}

130
2008/6xxx/CVE-2008-6344.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"name" : "32981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4"
},
{
"name": "32981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32981"
}
]
}
}

140
2008/6xxx/CVE-2008-6837.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securityfocus.com/bid/30116/exploit",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/bid/30116/exploit"
},
{
"name" : "30116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30116"
},
{
"name" : "zoph-login-sql-injection(43693)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30116"
},
{
"name": "http://www.securityfocus.com/bid/30116/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30116/exploit"
},
{
"name": "zoph-login-sql-injection(43693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43693"
}
]
}
}

160
2008/6xxx/CVE-2008-6844.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7406",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7406"
},
{
"name" : "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible",
"refsource" : "CONFIRM",
"url" : "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible"
},
{
"name" : "32762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32762"
},
{
"name" : "52708",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/52708"
},
{
"name" : "ezpublish-registration-privilege-escalation(47216)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ezpublish-registration-privilege-escalation(47216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47216"
},
{
"name": "52708",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/52708"
},
{
"name": "32762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32762"
},
{
"name": "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible",
"refsource": "CONFIRM",
"url": "http://ez.no/developer/security/security_advisories/ez_publish_4_0/ezsa_2008_003_insufficient_form_handling_made_privilege_escalation_possible"
},
{
"name": "7406",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7406"
}
]
}
}

34
2008/7xxx/CVE-2008-7308.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7308",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7308",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2013/2xxx/CVE-2013-2023.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130421 Vulnerabilities in jPlayer",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2"
},
{
"name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2"
},
{
"name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2"
},
{
"name" : "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/27/7"
},
{
"name" : "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/5"
},
{
"name" : "http://www.jplayer.org/latest/release-notes/",
"refsource" : "CONFIRM",
"url" : "http://www.jplayer.org/latest/release-notes/"
},
{
"name" : "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4",
"refsource" : "CONFIRM",
"url" : "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4"
},
{
"name" : "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b",
"refsource" : "CONFIRM",
"url" : "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b"
},
{
"name" : "https://github.com/happyworm/jPlayer/issues/162",
"refsource" : "CONFIRM",
"url" : "https://github.com/happyworm/jPlayer/issues/162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to incomplete blacklists, a different vulnerability than CVE-2013-1942 and CVE-2013-2022."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4",
"refsource": "CONFIRM",
"url": "https://github.com/happyworm/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4"
},
{
"name": "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b",
"refsource": "CONFIRM",
"url": "https://github.com/happyworm/jPlayer/commit/c2417972af1295be8dcc07470b0e3d25b0a77e0b"
},
{
"name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136773622321563&w=2"
},
{
"name": "[oss-security] 20130627 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/27/7"
},
{
"name": "https://github.com/happyworm/jPlayer/issues/162",
"refsource": "CONFIRM",
"url": "https://github.com/happyworm/jPlayer/issues/162"
},
{
"name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136570964825921&w=2"
},
{
"name": "http://www.jplayer.org/latest/release-notes/",
"refsource": "CONFIRM",
"url": "http://www.jplayer.org/latest/release-notes/"
},
{
"name": "[oss-security] 20130704 Re: Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/04/5"
},
{
"name": "20130421 Vulnerabilities in jPlayer",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136726705917858&w=2"
}
]
}
}

34
2013/2xxx/CVE-2013-2267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2267",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2267",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2013/2xxx/CVE-2013-2696.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-2696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/"
},
{
"name" : "52877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/all-in-one-webmaster/changelog/"
},
{
"name": "52877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52877"
}
]
}
}

34
2013/6xxx/CVE-2013-6269.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6269",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6269",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/6xxx/CVE-2013-6365.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6365",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6365",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/6xxx/CVE-2013-6508.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6508",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6508",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

150
2017/10xxx/CVE-2017-10092.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Agile PLM Framework",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.3.5"
},
{
"version_affected" : "=",
"version_value" : "9.3.6"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agile PLM Framework",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.3.5"
},
{
"version_affected": "=",
"version_value": "9.3.6"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99677"
},
{
"name" : "1038947",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038947"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038947"
},
{
"name": "99677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99677"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

130
2017/14xxx/CVE-2017-14337.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9",
"refsource" : "CONFIRM",
"url" : "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9"
},
{
"name" : "https://www.circl.lu/advisory/CVE-2017-14337/",
"refsource" : "CONFIRM",
"url" : "https://www.circl.lu/advisory/CVE-2017-14337/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9",
"refsource": "CONFIRM",
"url": "https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9"
},
{
"name": "https://www.circl.lu/advisory/CVE-2017-14337/",
"refsource": "CONFIRM",
"url": "https://www.circl.lu/advisory/CVE-2017-14337/"
}
]
}
}

160
2017/14xxx/CVE-2017-14718.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://core.trac.wordpress.org/changeset/41393",
"refsource" : "MISC",
"url" : "https://core.trac.wordpress.org/changeset/41393"
},
{
"name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/"
},
{
"name" : "DSA-3997",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3997"
},
{
"name" : "100912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100912"
},
{
"name" : "1039553",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3997",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3997"
},
{
"name": "100912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100912"
},
{
"name": "https://core.trac.wordpress.org/changeset/41393",
"refsource": "MISC",
"url": "https://core.trac.wordpress.org/changeset/41393"
},
{
"name": "1039553",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039553"
},
{
"name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/"
}
]
}
}

170
2017/14xxx/CVE-2017-14719.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://core.trac.wordpress.org/changeset/41457",
"refsource" : "MISC",
"url" : "https://core.trac.wordpress.org/changeset/41457"
},
{
"name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8911",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8911"
},
{
"name" : "DSA-3997",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3997"
},
{
"name" : "100912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100912"
},
{
"name" : "1039553",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Before version 4.8.2, WordPress was vulnerable to a directory traversal attack during unzip operations in the ZipArchive and PclZip components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3997",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3997"
},
{
"name": "100912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100912"
},
{
"name": "1039553",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039553"
},
{
"name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8911",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8911"
},
{
"name": "https://core.trac.wordpress.org/changeset/41457",
"refsource": "MISC",
"url": "https://core.trac.wordpress.org/changeset/41457"
}
]
}
}

34
2017/15xxx/CVE-2017-15165.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15165",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15165",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/15xxx/CVE-2017-15200.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource" : "MISC",
"url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource" : "MISC",
"url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"name" : "https://kanboard.net/news/version-1.0.47",
"refsource" : "MISC",
"url" : "https://kanboard.net/news/version-1.0.47"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}

150
2017/15xxx/CVE-2017-15206.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource" : "MISC",
"url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource" : "MISC",
"url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
},
{
"name" : "https://kanboard.net/news/version-1.0.47",
"refsource" : "MISC",
"url" : "https://kanboard.net/news/version-1.0.47"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
}

140
2017/15xxx/CVE-2017-15272.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password \"ITsILLEGAL\"; however, this password is not required to extract the data. Cleartext is used for a user password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541518/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"
},
{
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/",
"refsource" : "MISC",
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password \"ITsILLEGAL\"; however, this password is not required to extract the data. Cleartext is used for a user password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/144972/PSFTPd-Windows-FTP-Server-10.0.4-Build-729-Use-After-Free-Log-Injection.html"
},
{
"name": "20171110 Advisory X41-2017-006: Multiple Vulnerabilities in PSFTPd Windows FTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541518/100/0/threaded"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-006-psftpd/"
}
]
}
}

132
2017/15xxx/CVE-2017-15525.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2017-11-13T00:00:00",
"ID" : "CVE-2017-15525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Symantec Endpoint Encryption",
"version" : {
"version_data" : [
{
"version_value" : "Prior to SEE v11.1.3MP1"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2017-11-13T00:00:00",
"ID": "CVE-2017-15525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Encryption",
"version": {
"version_data": [
{
"version_value": "Prior to SEE v11.1.3MP1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00"
},
{
"name" : "101697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101697"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20171113_00"
}
]
}
}

120
2017/9xxx/CVE-2017-9090.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/s3131212/allendisk/issues/25",
"refsource" : "CONFIRM",
"url" : "https://github.com/s3131212/allendisk/issues/25"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s3131212/allendisk/issues/25",
"refsource": "CONFIRM",
"url": "https://github.com/s3131212/allendisk/issues/25"
}
]
}
}

160
2017/9xxx/CVE-2017-9226.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a",
"refsource" : "CONFIRM",
"url" : "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a"
},
{
"name" : "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6",
"refsource" : "CONFIRM",
"url" : "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6"
},
{
"name" : "https://github.com/kkos/oniguruma/issues/55",
"refsource" : "CONFIRM",
"url" : "https://github.com/kkos/oniguruma/issues/55"
},
{
"name" : "RHSA-2018:1296",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name" : "101244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kkos/oniguruma/issues/55",
"refsource": "CONFIRM",
"url": "https://github.com/kkos/oniguruma/issues/55"
},
{
"name": "RHSA-2018:1296",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1296"
},
{
"name": "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6",
"refsource": "CONFIRM",
"url": "https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6"
},
{
"name": "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a",
"refsource": "CONFIRM",
"url": "https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a"
},
{
"name": "101244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101244"
}
]
}
}

130
2017/9xxx/CVE-2017-9297.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/"
},
{
"name" : "98775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98775"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98775"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/"
}
]
}
}

120
2017/9xxx/CVE-2017-9591.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"PCB Mobile\" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"PCB Mobile\" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
}

150
2017/9xxx/CVE-2017-9619.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698042",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698042"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "99988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name": "99988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99988"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698042",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698042"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323"
}
]
}
}

120
2017/9xxx/CVE-2017-9916.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlFreeHandle+0x00000000000001b6.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9916"
}
]
}
}

34
2018/0xxx/CVE-2018-0070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0070",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-0070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/0xxx/CVE-2018-0576.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Events Manager",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 5.9"
}
]
}
}
]
},
"vendor_name" : "NetWebLogic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Events Manager",
"version": {
"version_data": [
{
"version_value": "prior to version 5.9"
}
]
}
}
]
},
"vendor_name": "NetWebLogic"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/events-manager/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/events-manager/#developers"
},
{
"name" : "JVN#85531148",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN85531148/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Events Manager plugin prior to version 5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/events-manager/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/events-manager/#developers"
},
{
"name": "JVN#85531148",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85531148/index.html"
}
]
}
}

130
2018/0xxx/CVE-2018-0630.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Aterm W300P",
"version" : {
"version_data" : [
{
"version_value" : "Ver1.0.13 and earlier"
}
]
}
}
]
},
"vendor_name" : "NEC Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aterm W300P",
"version": {
"version_data": [
{
"version_value": "Ver1.0.13 and earlier"
}
]
}
}
]
},
"vendor_name": "NEC Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource" : "MISC",
"url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name" : "JVN#26629618",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN26629618/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name": "JVN#26629618",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26629618/index.html"
}
]
}
}

142
2018/0xxx/CVE-2018-0879.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 1709"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 1709"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879"
},
{
"name" : "103303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103303"
},
{
"name" : "1040507",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103303"
},
{
"name": "1040507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040507"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0879"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000108.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-02-26",
"ID" : "CVE-2018-1000108",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins CppNCSS Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.1 and older"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-26",
"ID": "CVE-2018-1000108",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-712"
}
]
}
}

34
2018/1000xxx/CVE-2018-1000612.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1000612",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12230. Reason: This candidate is a reservation duplicate of CVE-2018-12230. Notes: All CVE users should reference CVE-2018-12230 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1000612",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12230. Reason: This candidate is a reservation duplicate of CVE-2018-12230. Notes: All CVE users should reference CVE-2018-12230 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

126
2018/1000xxx/CVE-2018-1000860.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-05T14:18:48.097031",
"DATE_REQUESTED" : "2018-11-29T17:16:48",
"ID" : "CVE-2018-1000860",
"REQUESTER" : "Disgruntled3lf@gmail.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "phpipam",
"version" : {
"version_data" : [
{
"version_value" : "1.3.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "phpipam"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-05T14:18:48.097031",
"DATE_REQUESTED": "2018-11-29T17:16:48",
"ID": "CVE-2018-1000860",
"REQUESTER": "Disgruntled3lf@gmail.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/phpipam/phpipam/issues/2338",
"refsource" : "MISC",
"url" : "https://github.com/phpipam/phpipam/issues/2338"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single quotes. Editing the value of the cookie to r5zkh'><script>alert(1)</script>quqtl exploits an XSS vulnerability. that can result in Arbitrary code executes in victims browser.. This attack appear to be exploitable via Needs to be chained with another exploit that allows an attacker to set or modify a cookie for the phpIPAM instance's domain.."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpipam/phpipam/issues/2338",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/issues/2338"
}
]
}
}

140
2018/12xxx/CVE-2018-12113.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html"
},
{
"name" : "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa",
"refsource" : "MISC",
"url" : "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa"
},
{
"name" : "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9",
"refsource" : "MISC",
"url" : "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9",
"refsource": "MISC",
"url": "https://gist.github.com/berkgoksel/e97b3f3b15e2f8293f649d4ebe6a6fc9"
},
{
"name": "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa",
"refsource": "MISC",
"url": "https://gist.github.com/berkgoksel/a654c8cb661c7a27a3f763dee92016aa"
},
{
"name": "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148383/Core-FTP-LE-2.2-Buffer-Overflow.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12258.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf",
"refsource" : "MISC",
"url" : "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inserting an SD card containing the firmware with name 'ezviz.dav' and rebooting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf",
"refsource": "MISC",
"url": "https://rchase.com/downloads/momentum-iot-penetration-test-report.pdf"
}
]
}
}

194
2018/12xxx/CVE-2018-12474.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2018-09-26T00:00:00.000Z",
"ID" : "CVE-2018-12474",
"STATE" : "PUBLIC",
"TITLE" : "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Open Build Service",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "51a17c553b6ae2598820b7a90fd0c11502a49106"
}
]
}
}
]
},
"vendor_name" : "openSUSE"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Matthias Gerstner of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID": "CVE-2018-12474",
"STATE": "PUBLIC",
"TITLE": "Crafted service parameters allows to induce unexpected behaviour in obs-service-tar_scm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "51a17c553b6ae2598820b7a90fd0c11502a49106"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507"
},
{
"name" : "https://github.com/openSUSE/obs-service-tar_scm/pull/254",
"refsource" : "CONFIRM",
"url" : "https://github.com/openSUSE/obs-service-tar_scm/pull/254"
}
]
},
"source" : {
"advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1107507"
],
"discovery" : "INTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attacker controlled locations. Affected releases are openSUSE Open Build Service: versions prior to 51a17c553b6ae2598820b7a90fd0c11502a49106."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/openSUSE/obs-service-tar_scm/pull/254",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/254"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107507"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107507",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1107507"
],
"discovery": "INTERNAL"
}
}

34
2018/12xxx/CVE-2018-12961.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12961",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12961",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16138.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16138",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16138",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16218.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16218",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16218",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16380.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/n00dles/ogma-CMS/issues/39",
"refsource" : "MISC",
"url" : "https://github.com/n00dles/ogma-CMS/issues/39"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/n00dles/ogma-CMS/issues/39",
"refsource": "MISC",
"url": "https://github.com/n00dles/ogma-CMS/issues/39"
}
]
}
}

120
2018/16xxx/CVE-2018-16487.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "lodash",
"version" : {
"version_data" : [
{
"version_value" : "<4.7.11"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "lodash",
"version": {
"version_data": [
{
"version_value": "<4.7.11"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/380873",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/380873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/380873",
"refsource": "MISC",
"url": "https://hackerone.com/reports/380873"
}
]
}
}

180
2018/16xxx/CVE-2018-16585.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22"
},
{
"name" : "https://seclists.org/oss-sec/2018/q3/182",
"refsource" : "MISC",
"url" : "https://seclists.org/oss-sec/2018/q3/182"
},
{
"name" : "DSA-4288",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4288"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "USN-3768-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3768-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name": "USN-3768-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3768-1/"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=1497d65039885a52b598b137dd8622bd4672f9be"
},
{
"name": "DSA-4288",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4288"
},
{
"name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=971472c83a345a16dac9f90f91258bb22dd77f22"
},
{
"name": "https://seclists.org/oss-sec/2018/q3/182",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2018/q3/182"
}
]
}
}

34
2018/16xxx/CVE-2018-16926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/4xxx/CVE-2018-4045.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2018-4045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Clean My Mac",
"version" : {
"version_data" : [
{
"version_value" : "Clean My Mac X 4.04"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-4045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clean My Mac",
"version": {
"version_data": [
{
"version_value": "Clean My Mac X 4.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0719"
}
]
}
}

120
2018/4xxx/CVE-2018-4254.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In macOS High Sierra before 10.13.5, an input validation issue existed in the kernel. This issue was addressed with improved input validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4529.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4529",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4529",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4670.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4670",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4670",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4740.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4740",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4740",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}