admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:59:06 +00:00
parent 0ace82a322
commit 8c5571b4a9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3123 additions and 3123 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2003/0xxx/CVE-2003-0187.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105986028426824&w=2"
},
{
"name" : "oval:org.mitre.oval:def:260",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:260",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A260"
},
{
"name": "20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105986028426824&w=2"
}
]
}
}

130
2003/0xxx/CVE-2003-0995.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "win2k-message-queue-bo(13131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13131"
},
{
"name" : "MS03-039",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win2k-message-queue-bo(13131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13131"
},
{
"name": "MS03-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039"
}
]
}
}

150
2003/1xxx/CVE-2003-1507.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default \"superuser\" account with the \"planet\" password, which allows remote attackers to gain administrative access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031015 Few issues previously unpublished in English",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/341329"
},
{
"name" : "8837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8837"
},
{
"name" : "1007924",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1007924"
},
{
"name" : "wgsd-default-admin-account(13446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default \"superuser\" account with the \"planet\" password, which allows remote attackers to gain administrative access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wgsd-default-admin-account(13446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13446"
},
{
"name": "8837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8837"
},
{
"name": "20031015 Few issues previously unpublished in English",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/341329"
},
{
"name": "1007924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007924"
}
]
}
}

140
2003/1xxx/CVE-2003-1542.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://platon.sk/projects/release_view_page.php?release_id=2",
"refsource" : "CONFIRM",
"url" : "http://platon.sk/projects/release_view_page.php?release_id=2"
},
{
"name" : "6933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6933"
},
{
"name" : "8183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6933"
},
{
"name": "8183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8183"
},
{
"name": "http://platon.sk/projects/release_view_page.php?release_id=2",
"refsource": "CONFIRM",
"url": "http://platon.sk/projects/release_view_page.php?release_id=2"
}
]
}
}

34
2004/0xxx/CVE-2004-0410.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0410",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0410",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

170
2004/2xxx/CVE-2004-2456.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.minibb.net/forums/index.php?action=vthread&forum=1&topic=1767",
"refsource" : "MISC",
"url" : "http://www.minibb.net/forums/index.php?action=vthread&forum=1&topic=1767"
},
{
"name" : "http://www.minibb.net/forums/index.php?action=vthread&forum=9&topic=1854",
"refsource" : "CONFIRM",
"url" : "http://www.minibb.net/forums/index.php?action=vthread&forum=9&topic=1854"
},
{
"name" : "11688",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11688"
},
{
"name" : "11711",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11711"
},
{
"name" : "1012164",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012164"
},
{
"name" : "minibb-user-sql-injection(18080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.minibb.net/forums/index.php?action=vthread&forum=1&topic=1767",
"refsource": "MISC",
"url": "http://www.minibb.net/forums/index.php?action=vthread&forum=1&topic=1767"
},
{
"name": "11688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11688"
},
{
"name": "1012164",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012164"
},
{
"name": "minibb-user-sql-injection(18080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18080"
},
{
"name": "http://www.minibb.net/forums/index.php?action=vthread&forum=9&topic=1854",
"refsource": "CONFIRM",
"url": "http://www.minibb.net/forums/index.php?action=vthread&forum=9&topic=1854"
},
{
"name": "11711",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11711"
}
]
}
}

190
2004/2xxx/CVE-2004-2543.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf"
},
{
"name" : "6232",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6232"
},
{
"name" : "6233",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6233"
},
{
"name" : "6234",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6234"
},
{
"name" : "11632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11632"
},
{
"name" : "sidewinder-mail-filter-dos(16186)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16186"
},
{
"name" : "sidewinder-rtsp-dos(16184)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16184"
},
{
"name" : "sidewinder-t120-dos(16183)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6234",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6234"
},
{
"name": "6233",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6233"
},
{
"name": "sidewinder-mail-filter-dos(16186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16186"
},
{
"name": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf",
"refsource": "CONFIRM",
"url": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf"
},
{
"name": "sidewinder-rtsp-dos(16184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16184"
},
{
"name": "11632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11632"
},
{
"name": "6232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6232"
},
{
"name": "sidewinder-t120-dos(16183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16183"
}
]
}
}

170
2004/2xxx/CVE-2004-2686.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf",
"refsource" : "MISC",
"url" : "http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf"
},
{
"name" : "20040407 Solaris vfs_getvfssw() local kernel exploit",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2004/Apr/0081.html"
},
{
"name" : "20040407 Solaris vfs_getvfssw() local kernel exploit",
"refsource" : "FULLDISC",
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html"
},
{
"name" : "9962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9962"
},
{
"name" : "oval:org.mitre.oval:def:1381",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381"
},
{
"name" : "1008833",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9962"
},
{
"name": "20040407 Solaris vfs_getvfssw() local kernel exploit",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2004/Apr/0081.html"
},
{
"name": "20040407 Solaris vfs_getvfssw() local kernel exploit",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2004-04/0297.html"
},
{
"name": "oval:org.mitre.oval:def:1381",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1381"
},
{
"name": "http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf",
"refsource": "MISC",
"url": "http://www.immunitysec.com/downloads/solaris_kernel_vfs.sxw.pdf"
},
{
"name": "1008833",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008833"
}
]
}
}

360
2008/2xxx/CVE-2008-2237.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openoffice.org/security/cves/CVE-2008-2237.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2008-2237.html"
},
{
"name" : "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes",
"refsource" : "CONFIRM",
"url" : "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes"
},
{
"name" : "DSA-1661",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1661"
},
{
"name" : "FEDORA-2008-9313",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html"
},
{
"name" : "FEDORA-2008-9333",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html"
},
{
"name" : "GLSA-200812-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-13.xml"
},
{
"name" : "RHSA-2008:0939",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0939.html"
},
{
"name" : "242627",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1"
},
{
"name" : "SUSE-SR:2008:026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name" : "USN-677-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-677-2"
},
{
"name" : "USN-677-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-677-1"
},
{
"name" : "31962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31962"
},
{
"name" : "oval:org.mitre.oval:def:10784",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10784"
},
{
"name" : "32463",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32463"
},
{
"name" : "32856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32856"
},
{
"name" : "ADV-2008-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2947"
},
{
"name" : "ADV-2008-3103",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3103"
},
{
"name" : "1021120",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021120"
},
{
"name" : "32419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32419"
},
{
"name" : "32461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32461"
},
{
"name" : "32489",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32489"
},
{
"name" : "32676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32676"
},
{
"name" : "32872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32872"
},
{
"name" : "33140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33140"
},
{
"name" : "openoffice-wmf-bo(46165)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-677-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-677-2"
},
{
"name": "32856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32856"
},
{
"name": "31962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31962"
},
{
"name": "openoffice-wmf-bo(46165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46165"
},
{
"name": "32461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32461"
},
{
"name": "32419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32419"
},
{
"name": "oval:org.mitre.oval:def:10784",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10784"
},
{
"name": "FEDORA-2008-9333",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes",
"refsource": "CONFIRM",
"url": "http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes"
},
{
"name": "USN-677-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-677-1"
},
{
"name": "GLSA-200812-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-13.xml"
},
{
"name": "32676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32676"
},
{
"name": "ADV-2008-3103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3103"
},
{
"name": "ADV-2008-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2947"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2008-2237.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2008-2237.html"
},
{
"name": "32489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32489"
},
{
"name": "32463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32463"
},
{
"name": "242627",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1"
},
{
"name": "1021120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021120"
},
{
"name": "RHSA-2008:0939",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0939.html"
},
{
"name": "DSA-1661",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1661"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "33140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33140"
},
{
"name": "FEDORA-2008-9313",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html"
}
]
}
}

130
2008/2xxx/CVE-2008-2425.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "30281",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30281"
},
{
"name" : "fichive-letter-sql-injection(42800)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30281"
},
{
"name": "fichive-letter-sql-injection(42800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42800"
}
]
}
}

140
2008/2xxx/CVE-2008-2856.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5860",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5860"
},
{
"name" : "29818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29818"
},
{
"name" : "ownrs-clanek-sql-injection(43185)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29818"
},
{
"name": "5860",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5860"
},
{
"name": "ownrs-clanek-sql-injection(43185)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43185"
}
]
}
}

180
2008/2xxx/CVE-2008-2863.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493473/100/0/threaded"
},
{
"name" : "5859",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5859"
},
{
"name" : "http://www.bugreport.ir/?/45",
"refsource" : "MISC",
"url" : "http://www.bugreport.ir/?/45"
},
{
"name" : "29812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29812"
},
{
"name" : "30762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30762"
},
{
"name" : "3957",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3957"
},
{
"name" : "esc-inpcurrfolder-unauthorized-access(43193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43193"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple absolute path traversal vulnerabilities in eLineStudio Site Composer (ESC) 2.6 allow remote attackers to create or delete arbitrary directories via a full pathname in the inpCurrFolder parameter to (1) folderdel_.asp or (2) foldernew.asp in cms/assetmanager/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3957",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3957"
},
{
"name": "5859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5859"
},
{
"name": "esc-inpcurrfolder-unauthorized-access(43193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43193"
},
{
"name": "http://www.bugreport.ir/?/45",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/45"
},
{
"name": "29812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29812"
},
{
"name": "20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493473/100/0/threaded"
},
{
"name": "30762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30762"
}
]
}
}

120
2012/0xxx/CVE-2012-0996.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.ch/advisory/HTB23071",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/HTB23071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.ch/advisory/HTB23071",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23071"
}
]
}
}

34
2012/1xxx/CVE-2012-1169.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1169",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1169",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/1xxx/CVE-2012-1257.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1257",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1257",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/1xxx/CVE-2012-1911.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18578",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18578"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929",
"refsource" : "MISC",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929",
"refsource" : "MISC",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929"
},
{
"name" : "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource" : "MISC",
"url" : "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
},
{
"name" : "52396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52396"
},
{
"name" : "phpaddressbook-multiple-sql-injection(73943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18578",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18578"
},
{
"name": "phpaddressbook-multiple-sql-injection(73943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73943"
},
{
"name": "52396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52396"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929"
},
{
"name": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt",
"refsource": "MISC",
"url": "http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt"
}
]
}
}

34
2012/5xxx/CVE-2012-5577.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5577",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5577",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

320
2012/5xxx/CVE-2012-5836.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5836",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-94.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-94.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792857",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792857"
},
{
"name" : "openSUSE-SU-2012:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name" : "openSUSE-SU-2012:1585",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name" : "openSUSE-SU-2012:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name" : "SUSE-SU-2012:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2013:0175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name" : "USN-1638-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name" : "USN-1638-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name" : "USN-1638-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name" : "USN-1636-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name" : "56616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56616"
},
{
"name" : "87593",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87593"
},
{
"name" : "oval:org.mitre.oval:def:16336",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16336"
},
{
"name" : "51369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51369"
},
{
"name" : "51381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51381"
},
{
"name" : "51434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51434"
},
{
"name" : "51439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51439"
},
{
"name" : "51440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51440"
},
{
"name" : "51370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51370"
},
{
"name" : "firefox-svg-dos(80172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1638-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name": "51370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51370"
},
{
"name": "USN-1638-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name": "oval:org.mitre.oval:def:16336",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16336"
},
{
"name": "openSUSE-SU-2012:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name": "USN-1636-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name": "openSUSE-SU-2013:0175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-94.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-94.html"
},
{
"name": "51434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51434"
},
{
"name": "openSUSE-SU-2012:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name": "51439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51439"
},
{
"name": "51440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51440"
},
{
"name": "56616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56616"
},
{
"name": "USN-1638-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name": "SUSE-SU-2012:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "firefox-svg-dos(80172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80172"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "87593",
"refsource": "OSVDB",
"url": "http://osvdb.org/87593"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=792857",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792857"
}
]
}
}

130
2017/11xxx/CVE-2017-11111.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392415",
"refsource" : "MISC",
"url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392415"
},
{
"name" : "USN-3694-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3694-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392415",
"refsource": "MISC",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392415"
},
{
"name": "USN-3694-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3694-1/"
}
]
}
}

150
2017/11xxx/CVE-2017-11503.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPMailer 5.2.23 has XSS in the \"From Email Address\" and \"To Email Address\" fields of code_generator.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cxsecurity.com/issue/WLB-2017060181",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2017060181"
},
{
"name" : "https://packetstormsecurity.com/files/143138/phpmailer-xss.txt",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143138/phpmailer-xss.txt"
},
{
"name" : "99293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99293/"
},
{
"name" : "1039026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPMailer 5.2.23 has XSS in the \"From Email Address\" and \"To Email Address\" fields of code_generator.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99293/"
},
{
"name": "https://packetstormsecurity.com/files/143138/phpmailer-xss.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143138/phpmailer-xss.txt"
},
{
"name": "https://cxsecurity.com/issue/WLB-2017060181",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2017060181"
},
{
"name": "1039026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039026"
}
]
}
}

130
2017/11xxx/CVE-2017-11529.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867823",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867823"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/525",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/525",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/525"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867823",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867823"
}
]
}
}

34
2017/11xxx/CVE-2017-11959.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11959",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11959",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/3xxx/CVE-2017-3060.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 25.0.0.127 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name" : "GLSA-201704-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-04"
},
{
"name" : "RHSA-2017:0934",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name" : "97557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97557"
},
{
"name" : "1038225",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038225"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
}
]
}
}

34
2017/3xxx/CVE-2017-3674.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3674",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3674",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/3xxx/CVE-2017-3837.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Meeting Server",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Meeting Server"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affected Products: This vulnerability affects Cisco Meeting Server software releases prior to 2.1.2. This product was previously known as Acano Conferencing Server. More Information: CSCvc89551. Known Affected Releases: 2.0 2.0.7 2.1. Known Fixed Releases: 2.1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HTTP Packet Processing Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Meeting Server",
"version": {
"version_data": [
{
"version_value": "Cisco Meeting Server"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1"
},
{
"name" : "96243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96243"
},
{
"name" : "1037834",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affected Products: This vulnerability affects Cisco Meeting Server software releases prior to 2.1.2. This product was previously known as Acano Conferencing Server. More Information: CSCvc89551. Known Affected Releases: 2.0 2.0.7 2.1. Known Fixed Releases: 2.1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Packet Processing Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037834"
},
{
"name": "96243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96243"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1"
}
]
}
}

152
2017/3xxx/CVE-2017-3897.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2017-08-31T00:00:00",
"ID" : "CVE-2017-3897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Live Safe",
"version" : {
"version_data" : [
{
"version_value" : "16.0.3"
}
]
}
},
{
"product_name" : "Security Scan Plus",
"version" : {
"version_data" : [
{
"version_value" : "3.11.599.3"
}
]
}
}
]
},
"vendor_name" : "McAfee"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code Injection vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2017-08-31T00:00:00",
"ID": "CVE-2017-3897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Live Safe",
"version": {
"version_data": [
{
"version_value": "16.0.3"
}
]
}
},
{
"product_name": "Security Scan Plus",
"version": {
"version_data": [
{
"version_value": "3.11.599.3"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723",
"refsource" : "CONFIRM",
"url" : "http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723"
},
{
"name" : "100100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100100"
},
{
"name": "http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723",
"refsource": "CONFIRM",
"url": "http://service.mcafee.com/FAQDocument.aspx?lc=1033&id=TS102723"
}
]
}
}

140
2017/7xxx/CVE-2017-7126.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party \"file\" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "100993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100993"
},
{
"name" : "1038249",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the third-party \"file\" product. Versions before 5.30 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100993"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "1038249",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038249"
}
]
}
}

120
2017/7xxx/CVE-2017-7312.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://amswoes.wordpress.com/2017/06/06/first-blog-post/",
"refsource" : "MISC",
"url" : "https://amswoes.wordpress.com/2017/06/06/first-blog-post/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amswoes.wordpress.com/2017/06/06/first-blog-post/",
"refsource": "MISC",
"url": "https://amswoes.wordpress.com/2017/06/06/first-blog-post/"
}
]
}
}

214
2017/7xxx/CVE-2017-7562.json
View File

@ -1,110 +1,110 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-7562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "krb5",
"version" : {
"version_data" : [
{
"version_value" : "1.16.1"
}
]
}
}
]
},
"vendor_name" : "MIT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "krb5",
"version": {
"version_data": [
{
"version_value": "1.16.1"
}
]
}
}
]
},
"vendor_name": "MIT"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562"
},
{
"name" : "https://github.com/krb5/krb5/pull/694",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/pull/694"
},
{
"name" : "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196"
},
{
"name" : "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2"
},
{
"name" : "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d"
},
{
"name" : "RHSA-2018:0666",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name" : "100511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100511"
}
]
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2"
},
{
"name": "100511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100511"
},
{
"name": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196"
},
{
"name": "https://github.com/krb5/krb5/pull/694",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694"
},
{
"name": "RHSA-2018:0666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0666"
},
{
"name": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7562"
}
]
}
}

160
2017/7xxx/CVE-2017-7725.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a \"canonical\" URL on installation of concrete5 using the \"Advanced Options\" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41885",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41885/"
},
{
"name" : "https://hackerone.com/reports/148300",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/148300"
},
{
"name" : "http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt"
},
{
"name" : "https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html"
},
{
"name" : "97649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a \"canonical\" URL on installation of concrete5 using the \"Advanced Options\" settings. Remote attackers can make a GET request with any domain name in the Host header; this is stored and allows for arbitrary domains to be set for certain links displayed to subsequent visitors, potentially an XSS vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41885",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41885/"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/CONCRETE5-v8.1.0-HOST-HEADER-INJECTION.txt"
},
{
"name": "https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142145/concrete5-8.1.0-Host-Header-Injection.html"
},
{
"name": "97649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97649"
},
{
"name": "https://hackerone.com/reports/148300",
"refsource": "MISC",
"url": "https://hackerone.com/reports/148300"
}
]
}
}

266
2017/7xxx/CVE-2017-7753.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.3"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.3"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "55"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read with cached style data and pseudo-elements"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.3"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.3"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "55"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1353312",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1353312"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/"
},
{
"name" : "DSA-3928",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3928"
},
{
"name" : "DSA-3968",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3968"
},
{
"name" : "GLSA-201803-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201803-14"
},
{
"name" : "RHSA-2017:2456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2456"
},
{
"name" : "RHSA-2017:2534",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2534"
},
{
"name" : "100315",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100315"
},
{
"name" : "1039124",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read with cached style data and pseudo-elements"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-19/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-20/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-20/"
},
{
"name": "DSA-3968",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3968"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-18/"
},
{
"name": "RHSA-2017:2456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2456"
},
{
"name": "RHSA-2017:2534",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2534"
},
{
"name": "100315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100315"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1353312",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1353312"
},
{
"name": "1039124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039124"
},
{
"name": "GLSA-201803-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201803-14"
},
{
"name": "DSA-3928",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3928"
}
]
}
}

140
2017/8xxx/CVE-2017-8051.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41892",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41892/"
},
{
"name" : "https://vulndb.cyberriskanalytics.com/153135",
"refsource" : "MISC",
"url" : "https://vulndb.cyberriskanalytics.com/153135"
},
{
"name" : "http://www.tenable.com/security/tns-2017-07",
"refsource" : "CONFIRM",
"url" : "http://www.tenable.com/security/tns-2017-07"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vulndb.cyberriskanalytics.com/153135",
"refsource": "MISC",
"url": "https://vulndb.cyberriskanalytics.com/153135"
},
{
"name": "http://www.tenable.com/security/tns-2017-07",
"refsource": "CONFIRM",
"url": "http://www.tenable.com/security/tns-2017-07"
},
{
"name": "41892",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41892/"
}
]
}
}

160
2017/8xxx/CVE-2017-8061.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/04/16/4"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67b0503db9c29b04eadfeede6bebbfe5ddad94ef",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67b0503db9c29b04eadfeede6bebbfe5ddad94ef"
},
{
"name" : "https://github.com/torvalds/linux/commit/67b0503db9c29b04eadfeede6bebbfe5ddad94ef",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/67b0503db9c29b04eadfeede6bebbfe5ddad94ef"
},
{
"name" : "97972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7"
},
{
"name": "[oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/16/4"
},
{
"name": "https://github.com/torvalds/linux/commit/67b0503db9c29b04eadfeede6bebbfe5ddad94ef",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/67b0503db9c29b04eadfeede6bebbfe5ddad94ef"
},
{
"name": "97972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97972"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67b0503db9c29b04eadfeede6bebbfe5ddad94ef",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67b0503db9c29b04eadfeede6bebbfe5ddad94ef"
}
]
}
}

130
2017/8xxx/CVE-2017-8385.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://craftcms.com/changelog#2-6-2976",
"refsource" : "CONFIRM",
"url" : "https://craftcms.com/changelog#2-6-2976"
},
{
"name" : "https://twitter.com/CraftCMS/status/857743080224473088",
"refsource" : "CONFIRM",
"url" : "https://twitter.com/CraftCMS/status/857743080224473088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://craftcms.com/changelog#2-6-2976",
"refsource": "CONFIRM",
"url": "https://craftcms.com/changelog#2-6-2976"
},
{
"name": "https://twitter.com/CraftCMS/status/857743080224473088",
"refsource": "CONFIRM",
"url": "https://twitter.com/CraftCMS/status/857743080224473088"
}
]
}
}

34
2018/10xxx/CVE-2018-10047.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10047",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10047",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2018/10xxx/CVE-2018-10322.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=199377",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=199377"
},
{
"name" : "https://www.spinics.net/lists/linux-xfs/msg17215.html",
"refsource" : "MISC",
"url" : "https://www.spinics.net/lists/linux-xfs/msg17215.html"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "103960",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103960"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://www.spinics.net/lists/linux-xfs/msg17215.html",
"refsource": "MISC",
"url": "https://www.spinics.net/lists/linux-xfs/msg17215.html"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "103960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103960"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199377",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199377"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
}
]
}
}

122
2018/12xxx/CVE-2018-12188.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) CSME, Server Platform Services, Trusted Execution Engine and Intel(R) Active Management Technology",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00185.html"
}
]
}
}

224
2018/12xxx/CVE-2018-12386.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-12386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60.2.2"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "62.0.3"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type confusion in JavaScript"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60.2.2"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "62.0.3"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-24/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-24/"
},
{
"name" : "DSA-4310",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4310"
},
{
"name" : "GLSA-201810-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-01"
},
{
"name" : "RHSA-2018:2881",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2881"
},
{
"name" : "RHSA-2018:2884",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2884"
},
{
"name" : "USN-3778-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3778-1/"
},
{
"name" : "105460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105460"
},
{
"name" : "1041770",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type confusion in JavaScript"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "105460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105460"
},
{
"name": "USN-3778-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3778-1/"
},
{
"name": "DSA-4310",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4310"
},
{
"name": "RHSA-2018:2884",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2884"
},
{
"name": "1041770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041770"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1493900"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-24/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-24/"
},
{
"name": "RHSA-2018:2881",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2881"
}
]
}
}

130
2018/12xxx/CVE-2018-12601.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180810 [SECURITY] [DLA 1463-1] sam2p security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html"
},
{
"name" : "https://github.com/pts/sam2p/issues/41",
"refsource" : "MISC",
"url" : "https://github.com/pts/sam2p/issues/41"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180810 [SECURITY] [DLA 1463-1] sam2p security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00010.html"
},
{
"name": "https://github.com/pts/sam2p/issues/41",
"refsource": "MISC",
"url": "https://github.com/pts/sam2p/issues/41"
}
]
}
}

130
2018/13xxx/CVE-2018-13483.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/mkethToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/mkethToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for mkethToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/mkethToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/mkethToken"
}
]
}
}

130
2018/13xxx/CVE-2018-13816.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-13816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIM 1531 IRC",
"version" : {
"version_data" : [
{
"version_value" : "TIM 1531 IRC : All version < V2.0"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-13816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIM 1531 IRC",
"version": {
"version_data": [
{
"version_value": "TIM 1531 IRC : All version < V2.0"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
},
{
"name" : "106194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attacker to be able to send packets to port 102/tcp of the affected device. No user interaction and no user privileges are required to exploit the vulnerability. At the time of advisory publication no public exploitation of this vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-982399.pdf"
},
{
"name": "106194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106194"
}
]
}
}

34
2018/13xxx/CVE-2018-13940.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13940",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13940",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/13xxx/CVE-2018-13958.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13958",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13958",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17078.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17078",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17078",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17108.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf",
"refsource" : "MISC",
"url" : "https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf",
"refsource": "MISC",
"url": "https://github.com/magicj3lly/appexploits/blob/master/SBI_Buddy_AuthenticationBypass.pdf"
}
]
}
}

120
2018/17xxx/CVE-2018-17439.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims",
"refsource" : "MISC",
"url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims",
"refsource": "MISC",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims"
}
]
}
}

34
2018/17xxx/CVE-2018-17603.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17603",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17603",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9293.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9293",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9293",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}