admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:32:28 +00:00
parent ac1894b4d0
commit 95b3c7e69c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3708 additions and 3708 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2003/1xxx/CVE-2003-1262.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1262",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1262",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value."
"lang": "eng",
"value": "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/305340"
"name": "20030107 GLSA: http-fetcher",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104195613529429&w=2"
},
{
"name" : "20030107 GLSA: http-fetcher",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104195613529429&w=2"
"name": "http-fetcher-httpfetch-bo(11000)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11000.php"
},
{
"name" : "GLSA-200301-6",
"refsource" : "GENTOO",
"url" : "http://www.linuxsecurity.com/content/view/104480/104/"
"name": "6531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6531"
},
{
"name" : "7823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7823"
"name": "GLSA-200301-6",
"refsource": "GENTOO",
"url": "http://www.linuxsecurity.com/content/view/104480/104/"
},
{
"name" : "http-fetcher-httpfetch-bo(11000)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11000.php"
"name": "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/305340"
},
{
"name" : "6531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6531"
"name": "7823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7823"
}
]
}

22
2004/0xxx/CVE-2004-0508.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0508",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0508",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2004/0xxx/CVE-2004-0529.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0529",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0529",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490."
"lang": "eng",
"value": "The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040605 cPanel mod_php suEXEC Taint Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108663003608211&w=2"
"name": "1010411",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010411"
},
{
"name" : "http://bugzilla.cpanel.net/show_bug.cgi?id=668",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.cpanel.net/show_bug.cgi?id=668"
"name": "20040605 cPanel mod_php suEXEC Taint Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108663003608211&w=2"
},
{
"name" : "10478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10478"
"name": "11798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11798"
},
{
"name" : "1010411",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010411"
"name": "http://bugzilla.cpanel.net/show_bug.cgi?id=668",
"refsource": "CONFIRM",
"url": "http://bugzilla.cpanel.net/show_bug.cgi?id=668"
},
{
"name" : "11798",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11798"
"name": "10478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10478"
},
{
"name" : "cpanel-suexec-command-execute(16347)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"
"name": "cpanel-suexec-command-execute(16347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16347"
}
]
}

68
2004/0xxx/CVE-2004-0741.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0741",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0741",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow."
"lang": "eng",
"value": "LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040720 dos_in_file_share_2.6",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109035774701051&w=2"
"name": "20040720 dos_in_file_share_2.6",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109035774701051&w=2"
},
{
"name" : "wwwfilesharepro-http-get-dos(16754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16754"
"name": "wwwfilesharepro-http-get-dos(16754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16754"
}
]
}

22
2004/0xxx/CVE-2004-0776.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0776",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0776",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2004/1xxx/CVE-2004-1447.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1447",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1447",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information."
"lang": "eng",
"value": "Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040804 vulnerabilities in JetboxOne CMS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/370852"
"name": "http://echo.or.id/adv/adv03-y3dips-2004.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv03-y3dips-2004.txt"
},
{
"name" : "http://echo.or.id/adv/adv03-y3dips-2004.txt",
"refsource" : "MISC",
"url" : "http://echo.or.id/adv/adv03-y3dips-2004.txt"
"name": "VU#586720",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/586720"
},
{
"name" : "VU#586720",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/586720"
"name": "jetbox-one-plaintext-password(16898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16898"
},
{
"name" : "10858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10858"
"name": "8325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8325"
},
{
"name" : "8325",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8325"
"name": "10858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10858"
},
{
"name" : "12230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12230"
"name": "20040804 vulnerabilities in JetboxOne CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/370852"
},
{
"name" : "jetbox-one-plaintext-password(16898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16898"
"name": "12230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12230"
}
]
}

74
2004/1xxx/CVE-2004-1700.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1700",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1700",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "11415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11415"
"name": "pinnacle-showcenter-xss(17708)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17708"
},
{
"name" : "12613",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12613"
"name": "11415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11415"
},
{
"name" : "pinnacle-showcenter-xss(17708)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17708"
"name": "12613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12613"
}
]
}

92
2004/2xxx/CVE-2004-2238.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2238",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2238",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability."
"lang": "eng",
"value": "** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040817 vpopmail <= 5.4.2 (sybase vulnerability)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html"
"name": "vpopmail-vsybase-format-string(17017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17017"
},
{
"name" : "20040818 [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html"
"name": "20040817 vpopmail <= 5.4.2 (sybase vulnerability)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0226.html"
},
{
"name" : "20040819 [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html"
"name": "20040819 [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html"
},
{
"name" : "10962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10962"
"name": "20040818 [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0264.html"
},
{
"name" : "9147",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9147"
"name": "9147",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9147"
},
{
"name" : "vpopmail-vsybase-format-string(17017)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17017"
"name": "10962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10962"
}
]
}

74
2004/2xxx/CVE-2004-2545.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2545",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2545",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an \"extremely busy network.\" NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure."
"lang": "eng",
"value": "Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an \"extremely busy network.\" NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf"
"name": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf",
"refsource": "CONFIRM",
"url": "http://www.securecomputing.com/pdf/SW61002Rel_Notes_0512.pdf"
},
{
"name" : "6236",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6236"
"name": "6236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6236"
},
{
"name" : "11632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11632"
"name": "11632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11632"
}
]
}

68
2004/2xxx/CVE-2004-2659.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2659",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2659",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
"lang": "eng",
"value": "Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040407 Race conditions in security dialogs",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
"name": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
"refsource": "MISC",
"url": "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
},
{
"name" : "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/",
"refsource" : "MISC",
"url" : "http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/"
"name": "20040407 Race conditions in security dialogs",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html"
}
]
}

74
2008/2xxx/CVE-2008-2018.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2018",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2018",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a \"{user.password}\" comment in the profile of the admin user."
"lang": "eng",
"value": "The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a \"{user.password}\" comment in the profile of the admin user."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5506",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5506"
"name": "phpizabi-templateclass-info-disclosure(42143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42143"
},
{
"name" : "28954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28954"
"name": "28954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28954"
},
{
"name" : "phpizabi-templateclass-info-disclosure(42143)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42143"
"name": "5506",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5506"
}
]
}

104
2008/2xxx/CVE-2008-2214.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2214",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2214",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet."
"lang": "eng",
"value": "Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080430 Critical Vulnerability in SNMPc",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491454/100/0/threaded"
"name": "3886",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3886"
},
{
"name" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/"
"name": "28990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28990"
},
{
"name" : "28990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28990"
"name": "snmpc-snmptrap-bo(42104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42104"
},
{
"name" : "ADV-2008-1403",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1403/references"
"name": "ADV-2008-1403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1403/references"
},
{
"name" : "1019953",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019953"
"name": "20080430 Critical Vulnerability in SNMPc",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491454/100/0/threaded"
},
{
"name" : "30036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30036"
"name": "30036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30036"
},
{
"name" : "3886",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3886"
"name": "1019953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019953"
},
{
"name" : "snmpc-snmptrap-bo(42104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42104"
"name": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/critical-vulnerability-in-snmpc/"
}
]
}

68
2008/2xxx/CVE-2008-2535.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2535",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2535",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5578",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5578"
"name": "5578",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5578"
},
{
"name" : "phoenixview-del-sql-injection(42316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42316"
"name": "phoenixview-del-sql-injection(42316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42316"
}
]
}

80
2008/2xxx/CVE-2008-2979.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2979",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2979",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php in Ourvideo CMS 9.5 allow remote attackers to inject arbitrary web script or HTML via the (1) top_page and (2) end_page parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5920",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5920"
"name": "3968",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3968"
},
{
"name" : "29909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29909"
"name": "ourvideocms-login-xss(43313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43313"
},
{
"name" : "3968",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3968"
"name": "5920",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5920"
},
{
"name" : "ourvideocms-login-xss(43313)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43313"
"name": "29909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29909"
}
]
}

74
2008/6xxx/CVE-2008-6014.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6014",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6014",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6636",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6636"
"name": "6636",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6636"
},
{
"name" : "31502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31502"
"name": "rianxosencabos-id-sql-injection(45552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45552"
},
{
"name" : "rianxosencabos-id-sql-injection(45552)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45552"
"name": "31502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31502"
}
]
}

74
2008/6xxx/CVE-2008-6376.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6376",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6376",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter)."
"lang": "eng",
"value": "SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt"
"name": "32599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32599"
},
{
"name" : "32599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32599"
"name": "jbook-unspecified-sql-injection(47033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033"
},
{
"name" : "jbook-unspecified-sql-injection(47033)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47033"
"name": "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-exploits/jbook-disclosesql.txt"
}
]
}

74
2008/6xxx/CVE-2008-6485.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6485",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6485",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7026",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7026"
"name": "32182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32182"
},
{
"name" : "32182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32182"
"name": "phpimagegallery-ctg-sql-injection(46436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46436"
},
{
"name" : "phpimagegallery-ctg-sql-injection(46436)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46436"
"name": "7026",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7026"
}
]
}

86
2008/6xxx/CVE-2008-6584.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6584",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6584",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory."
"lang": "eng",
"value": "html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080418 BitTorrent Clients and CSRF",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491066/100/0/threaded"
"name": "44645",
"refsource": "OSVDB",
"url": "http://osvdb.org/44645"
},
{
"name" : "28846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28846"
"name": "29935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29935"
},
{
"name" : "44645",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44645"
"name": "torrentflux-torrent-code-execution(41925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41925"
},
{
"name" : "29935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29935"
"name": "20080418 BitTorrent Clients and CSRF",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491066/100/0/threaded"
},
{
"name" : "torrentflux-torrent-code-execution(41925)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41925"
"name": "28846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28846"
}
]
}

86
2012/1xxx/CVE-2012-1236.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1236",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1236",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://blog.janetter.net/",
"refsource" : "CONFIRM",
"url" : "http://blog.janetter.net/"
"name": "JVNDB-2012-000027",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000027"
},
{
"name" : "http://janetter.net/history.html",
"refsource" : "CONFIRM",
"url" : "http://janetter.net/history.html"
"name": "http://janetter.net/history.html",
"refsource": "CONFIRM",
"url": "http://janetter.net/history.html"
},
{
"name" : "JVN#83459967",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83459967/index.html"
"name": "48480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48480"
},
{
"name" : "JVNDB-2012-000027",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000027"
"name": "JVN#83459967",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83459967/index.html"
},
{
"name" : "48480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48480"
"name": "http://blog.janetter.net/",
"refsource": "CONFIRM",
"url": "http://blog.janetter.net/"
}
]
}

22
2012/1xxx/CVE-2012-1283.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1283",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1283",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2012/5xxx/CVE-2012-5334.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5334",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5334",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter."
"lang": "eng",
"value": "SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "18616",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18616"
"name": "52551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52551"
},
{
"name" : "52551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52551"
"name": "preprintingpress-multiple-sql-injection(74125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125"
},
{
"name" : "80191",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80191"
"name": "80191",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80191"
},
{
"name" : "48443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48443"
"name": "18616",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18616"
},
{
"name" : "preprinting-multiple-sql-injection(74122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122"
"name": "48443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48443"
},
{
"name" : "preprintingpress-multiple-sql-injection(74125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125"
"name": "preprinting-multiple-sql-injection(74122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122"
}
]
}

128
2012/5xxx/CVE-2012-5616.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5616",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5616",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
"lang": "eng",
"value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Jan/65"
"name": "http://support.citrix.com/article/CTX136163",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX136163"
},
{
"name" : "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E"
"name": "89146",
"refsource": "OSVDB",
"url": "http://osvdb.org/89146"
},
{
"name" : "http://support.citrix.com/article/CTX136163",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX136163"
"name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"name" : "57225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57225"
"name": "89147",
"refsource": "OSVDB",
"url": "http://osvdb.org/89147"
},
{
"name" : "57259",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57259"
"name": "57225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57225"
},
{
"name" : "89070",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89070"
"name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E"
},
{
"name" : "89146",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89146"
"name": "51821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51821"
},
{
"name" : "89147",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89147"
"name": "57259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57259"
},
{
"name" : "1027978",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027978"
"name": "89070",
"refsource": "OSVDB",
"url": "http://osvdb.org/89070"
},
{
"name" : "51366",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51366"
"name": "51366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51366"
},
{
"name" : "51821",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51821"
"name": "51827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51827"
},
{
"name" : "51827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51827"
"name": "1027978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027978"
}
]
}

22
2012/5xxx/CVE-2012-5722.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5722",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5722",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2017/11xxx/CVE-2017-11052.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00",
"ID" : "CVE-2017-11052",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-11052",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur."
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01"
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name" : "101160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101160"
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}

22
2017/11xxx/CVE-2017-11266.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11266",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11266",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

86
2017/11xxx/CVE-2017-11292.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-11292",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-11292",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Flash Player version 27.0.0.159 and earlier",
"version" : {
"version_data" : [
"product_name": "Adobe Flash Player version 27.0.0.159 and earlier",
"version": {
"version_data": [
{
"version_value" : "Adobe Flash Player version 27.0.0.159 and earlier"
"version_value": "Adobe Flash Player version 27.0.0.159 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "arbitrary code execution"
"lang": "eng",
"value": "arbitrary code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
"name": "1039582",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039582"
},
{
"name" : "GLSA-201710-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-22"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-32.html"
},
{
"name" : "RHSA-2017:2899",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2899"
"name": "GLSA-201710-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-22"
},
{
"name" : "101286",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101286"
"name": "101286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101286"
},
{
"name" : "1039582",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039582"
"name": "RHSA-2017:2899",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2899"
}
]
}

80
2017/11xxx/CVE-2017-11464.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11464",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11464",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero."
"lang": "eng",
"value": "A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=783835",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=783835"
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=783835",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=783835"
},
{
"name" : "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
"name": "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
},
{
"name" : "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a",
"refsource" : "CONFIRM",
"url" : "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
"name": "99956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99956"
},
{
"name" : "99956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99956"
"name": "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a",
"refsource": "CONFIRM",
"url": "https://github.com/GNOME/librsvg/commit/ecf9267a24b2c3c0cd211dbdfa9ef2232511972a"
}
]
}

68
2017/11xxx/CVE-2017-11539.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11539",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11539",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c."
"lang": "eng",
"value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/582",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/582"
"name": "99936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99936"
},
{
"name" : "99936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99936"
"name": "https://github.com/ImageMagick/ImageMagick/issues/582",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/582"
}
]
}

62
2017/11xxx/CVE-2017-11652.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11652",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11652",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file."
"lang": "eng",
"value": "Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html"
"name": "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143516/Razer-Synapse-2.20-DLL-Hijacking.html"
}
]
}

76
2017/11xxx/CVE-2017-11815.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Server Block Message (SMB)",
"version" : {
"version_data" : [
"product_name": "Server Block Message (SMB)",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\"."
"lang": "eng",
"value": "The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka \"Windows SMB Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815"
"name": "1039528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039528"
},
{
"name" : "101136",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101136"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11815"
},
{
"name" : "1039528",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039528"
"name": "101136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101136"
}
]
}

104
2017/15xxx/CVE-2017-15299.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15299",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15299",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call."
"lang": "eng",
"value": "The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1498016",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1498016"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1498016",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1498016"
"name": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html"
},
{
"name" : "https://marc.info/?t=150654188100001&r=1&w=2",
"refsource" : "MISC",
"url" : "https://marc.info/?t=150654188100001&r=1&w=2"
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html"
},
{
"name" : "https://marc.info/?t=150783958600011&r=1&w=2",
"refsource" : "MISC",
"url" : "https://marc.info/?t=150783958600011&r=1&w=2"
"name": "RHSA-2018:0654",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0654"
},
{
"name" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html",
"refsource" : "MISC",
"url" : "https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1499828.html"
"name": "https://marc.info/?t=150654188100001&r=1&w=2",
"refsource": "MISC",
"url": "https://marc.info/?t=150654188100001&r=1&w=2"
},
{
"name" : "RHSA-2018:0654",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0654"
"name": "USN-3798-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-1/"
},
{
"name" : "USN-3798-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3798-2/"
"name": "USN-3798-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3798-2/"
},
{
"name" : "USN-3798-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3798-1/"
"name": "https://marc.info/?t=150783958600011&r=1&w=2",
"refsource": "MISC",
"url": "https://marc.info/?t=150783958600011&r=1&w=2"
}
]
}

80
2017/3xxx/CVE-2017-3399.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3399",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3399",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Advanced Outbound Telephony",
"version" : {
"version_data" : [
"product_name": "Advanced Outbound Telephony",
"version": {
"version_data": [
{
"version_value" : "12.1.1"
"version_value": "12.1.1"
},
{
"version_value" : "12.1.2"
"version_value": "12.1.2"
},
{
"version_value" : "12.1.3"
"version_value": "12.1.3"
},
{
"version_value" : "12.2.3"
"version_value": "12.2.3"
},
{
"version_value" : "12.2.4"
"version_value": "12.2.4"
},
{
"version_value" : "12.2.5"
"version_value": "12.2.5"
},
{
"version_value" : "12.2.6"
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
"vendor_name": "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
"lang": "eng",
"value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
"name": "95531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95531"
},
{
"name" : "95531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95531"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}

162
2017/3xxx/CVE-2017-3509.json
View File

@ -1,145 +1,145 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3509",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3509",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Java",
"version" : {
"version_data" : [
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u141"
"version_affected": "=",
"version_value": "Java SE: 6u141"
},
{
"version_affected" : "=",
"version_value" : "7u131"
"version_affected": "=",
"version_value": "7u131"
},
{
"version_affected" : "=",
"version_value" : "8u121; Java SE Embedded: 8u121"
"version_affected": "=",
"version_value": "8u121; Java SE Embedded: 8u121"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name" : "DSA-3858",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3858"
"name": "GLSA-201705-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-03"
},
{
"name" : "GLSA-201705-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-03"
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name" : "GLSA-201707-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-01"
"name": "RHSA-2017:1117",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1117"
},
{
"name" : "RHSA-2017:3453",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3453"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "RHSA-2017:1108",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1108"
"name": "RHSA-2017:1109",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1109"
},
{
"name" : "RHSA-2017:1109",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1109"
"name": "1038286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038286"
},
{
"name" : "RHSA-2017:1117",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1117"
"name": "DSA-3858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3858"
},
{
"name" : "RHSA-2017:1118",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1118"
"name": "RHSA-2017:1108",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1108"
},
{
"name" : "RHSA-2017:1119",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1119"
"name": "RHSA-2017:1204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1204"
},
{
"name" : "RHSA-2017:1204",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1204"
"name": "RHSA-2017:1118",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1118"
},
{
"name" : "RHSA-2017:1220",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1220"
"name": "GLSA-201707-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"name" : "RHSA-2017:1221",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1221"
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name" : "RHSA-2017:1222",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1222"
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name" : "97737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97737"
"name": "97737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97737"
},
{
"name" : "1038286",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038286"
"name": "RHSA-2017:1119",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1119"
}
]
}

22
2017/3xxx/CVE-2017-3900.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3900",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3900",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

104
2017/3xxx/CVE-2017-3960.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2017-3960",
"STATE" : "PUBLIC",
"TITLE" : "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability"
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2017-3960",
"STATE": "PUBLIC",
"TITLE": "McAfee Network Security Management (NSM) - Exploitation of Authorization vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Network Security Management (NSM)",
"version" : {
"version_data" : [
"product_name": "Network Security Management (NSM)",
"version": {
"version_data": [
{
"affected" : "<",
"platform" : "x86",
"version_name" : "8",
"version_value" : "8.2.7.42.2"
"affected": "<",
"platform": "x86",
"version_name": "8",
"version_value": "8.2.7.42.2"
}
]
}
}
]
},
"vendor_name" : "McAfee"
"vendor_name": "McAfee"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
"lang": "eng",
"value": "Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Exploitation of Authorization vulnerability"
"lang": "eng",
"value": "Exploitation of Authorization vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
}
]
},
"source" : {
"advisory" : "SB10192",
"discovery" : "UNKNOWN"
"source": {
"advisory": "SB10192",
"discovery": "UNKNOWN"
}
}

70
2017/8xxx/CVE-2017-8191.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8191",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8191",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "FusionSphere OpenStack",
"version" : {
"version_data" : [
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value" : "V100R006C00SPC102(NFV)"
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "week cryptographic algorithm"
"lang": "eng",
"value": "week cryptographic algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name" : "102282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102282"
"name": "102282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102282"
}
]
}

68
2017/8xxx/CVE-2017-8233.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8233",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8233",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write."
"lang": "eng",
"value": "In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in Camera"
"lang": "eng",
"value": "Improper Validation of Array Index in Camera"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}

22
2017/8xxx/CVE-2017-8505.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8505",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8505",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2017/8xxx/CVE-2017-8562.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8562",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8562",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703.",
"version" : {
"version_data" : [
"product_name": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703.",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows"
"version_value": "Microsoft Windows"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability\"."
"lang": "eng",
"value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562"
"name": "99397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99397"
},
{
"name" : "99397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99397"
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8562"
}
]
}

76
2017/8xxx/CVE-2017-8642.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8642",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8642",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows 10 1703."
"version_value": "Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8503."
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8503."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642"
"name": "100046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100046"
},
{
"name" : "100046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100046"
"name": "1039101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039101"
},
{
"name" : "1039101",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039101"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8642"
}
]
}

62
2018/10xxx/CVE-2018-10075.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10075",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10075",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine EventLog Analyzer 11.12 allows remote attackers to inject arbitrary web script or HTML via the import logs feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.manageengine.com/products/eventlog/release-notes.html",
"refsource" : "CONFIRM",
"url" : "https://www.manageengine.com/products/eventlog/release-notes.html"
"name": "https://www.manageengine.com/products/eventlog/release-notes.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/eventlog/release-notes.html"
}
]
}

64
2018/12xxx/CVE-2018-12173.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-10-09T00:00:00",
"ID" : "CVE-2018-12173",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-12173",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intel Server Boards Firmware",
"version" : {
"version_data" : [
"product_name": "Intel Server Boards Firmware",
"version": {
"version_data": [
{
"version_value" : "before 00.01.0014"
"version_value": "before 00.01.0014"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access."
"lang": "eng",
"value": "Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Escalation of Privilege, Denial of Service, Information Disclosure"
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00179.html"
}
]
}

62
2018/12xxx/CVE-2018-12353.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12353",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12353",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the \"Business Model's Catalogue\" catalogue."
"lang": "eng",
"value": "Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the \"Business Model's Catalogue\" catalogue."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55",
"refsource" : "MISC",
"url" : "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55"
"name": "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55",
"refsource": "MISC",
"url": "https://medium.com/stolabs/security-issue-on-knowage-spagobi-ec539a68e55"
}
]
}

74
2018/12xxx/CVE-2018-12435.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12435",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12435",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
"lang": "eng",
"value": "Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource" : "MISC",
"url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"name" : "https://botan.randombit.net/security.html",
"refsource" : "CONFIRM",
"url" : "https://botan.randombit.net/security.html"
"name": "https://botan.randombit.net/security.html",
"refsource": "CONFIRM",
"url": "https://botan.randombit.net/security.html"
},
{
"name" : "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"refsource" : "CONFIRM",
"url" : "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3"
"name": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3",
"refsource": "CONFIRM",
"url": "https://github.com/randombit/botan/commit/48fc8df51d99f9d8ba251219367b3d629cc848e3"
}
]
}

62
2018/12xxx/CVE-2018-12501.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335."
"lang": "eng",
"value": "Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.nagios.com/downloads/nagios-fusion/change-log/",
"refsource" : "CONFIRM",
"url" : "https://www.nagios.com/downloads/nagios-fusion/change-log/"
"name": "https://www.nagios.com/downloads/nagios-fusion/change-log/",
"refsource": "CONFIRM",
"url": "https://www.nagios.com/downloads/nagios-fusion/change-log/"
}
]
}

62
2018/12xxx/CVE-2018-12920.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12920",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12920",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI."
"lang": "eng",
"value": "Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.seebug.org/vuldb/ssvid-97370",
"refsource" : "MISC",
"url" : "https://www.seebug.org/vuldb/ssvid-97370"
"name": "https://www.seebug.org/vuldb/ssvid-97370",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97370"
}
]
}

86
2018/13xxx/CVE-2018-13110.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13110",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13110",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks."
"lang": "eng",
"value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/542118/100/0/threaded"
"name": "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/"
},
{
"name" : "44984",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44984/"
"name": "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542118/100/0/threaded"
},
{
"name" : "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/19"
"name": "44984",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44984/"
},
{
"name" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html"
"name": "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/"
"name": "20180704 SEC Consult SA-20180704-2 :: Privilege escalation via linux group manipulation in all ADB Broadband Gateways / Routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/19"
}
]
}

22
2018/13xxx/CVE-2018-13141.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13141",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13141",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/13xxx/CVE-2018-13170.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13170",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13170",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Snoqualmie Coin (SNOW), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SnoqualmieCoin"
}
]
}

68
2018/13xxx/CVE-2018-13211.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13211",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13211",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
"lang": "eng",
"value": "The sell function of a smart contract implementation for MyToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MyToken"
}
]
}

22
2018/13xxx/CVE-2018-13910.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13910",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13910",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/13xxx/CVE-2018-13979.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13979",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13979",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/13xxx/CVE-2018-13986.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13986",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13986",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/16xxx/CVE-2018-16149.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16149",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16149",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier."
"lang": "eng",
"value": "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[axtls-general] 20181105 Re: Problems of PKCS#1 v1.5 RSA Signature Verification",
"refsource" : "MLIST",
"url" : "https://sourceforge.net/p/axtls/mailman/message/36459928/"
"name": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c",
"refsource": "CONFIRM",
"url": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c"
},
{
"name" : "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c",
"refsource" : "CONFIRM",
"url" : "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c"
"name": "[axtls-general] 20181105 Re: Problems of PKCS#1 v1.5 RSA Signature Verification",
"refsource": "MLIST",
"url": "https://sourceforge.net/p/axtls/mailman/message/36459928/"
}
]
}

80
2018/16xxx/CVE-2018-16793.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16793",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16793",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page."
"lang": "eng",
"value": "Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180917 Disclose SSRF Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Sep/38"
"name": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html"
},
{
"name" : "20180917 Disclose SSRF Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Sep/20"
"name": "20180917 Disclose SSRF Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Sep/20"
},
{
"name" : "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html"
"name": "105386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105386"
},
{
"name" : "105386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105386"
"name": "20180917 Disclose SSRF Vulnerability",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Sep/38"
}
]
}

22
2018/16xxx/CVE-2018-16897.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16897",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16897",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/16xxx/CVE-2018-16917.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16917",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16917",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/17xxx/CVE-2018-17080.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17080",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17080",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/17xxx/CVE-2018-17168.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17168",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17168",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

94
2018/17xxx/CVE-2018-17470.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17470",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17470",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "70.0.3538.67"
"version_affected": "<",
"version_value": "70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
"vendor_name": "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
"lang": "eng",
"value": "A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://crbug.com/877874",
"refsource" : "MISC",
"url" : "https://crbug.com/877874"
"name": "DSA-4330",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name" : "GLSA-201811-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-10"
"name": "https://crbug.com/877874",
"refsource": "MISC",
"url": "https://crbug.com/877874"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
"name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
"name": "105666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105666"
}
]
}

68
2018/17xxx/CVE-2018-17620.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17620",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17620",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "9.0.1.5096"
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353."
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6353."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-1101",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-1101"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://zerodayinitiative.com/advisories/ZDI-18-1101",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-1101"
}
]
}