admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:28:06 +00:00
parent 05432b9e76
commit 99610ab358
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3834 additions and 3834 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2004/0xxx/CVE-2004-0158.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0158", "ID": "CVE-2004-0158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040222 lbreakout2 < 2.4beta-2 local exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107755821705356&w=2" "lang": "eng",
}, "value": "Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c."
{ }
"name" : "DSA-445", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-445" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz", "description": [
"refsource" : "CONFIRM", {
"url" : "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9712", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9712" ]
}, },
{ "references": {
"name" : "breakout2-home-bo(15229)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15229" "name": "DSA-445",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2004/dsa-445"
} },
{
"name": "breakout2-home-bo(15229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15229"
},
{
"name": "20040222 lbreakout2 < 2.4beta-2 local exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107755821705356&w=2"
},
{
"name": "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz"
},
{
"name": "9712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9712"
}
]
}
} }

298
2004/0xxx/CVE-2004-0179.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0179", "ID": "CVE-2004-0179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040416 void.at - neon format string bugs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108214147022626&w=2" "lang": "eng",
}, "value": "Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code."
{ }
"name" : "DSA-487", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-487" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2004-1552", "description": [
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1552" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2004:157", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2004-157.html" ]
}, },
{ "references": {
"name" : "RHSA-2004:158", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-158.html" "name": "10136",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10136"
"name" : "RHSA-2004:159", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-159.html" "name": "GLSA-200405-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200405-04.xml"
"name" : "RHSA-2004:160", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-160.html" "name": "RHSA-2004:157",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-157.html"
"name" : "20040404-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" "name": "20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108213873203477&w=2"
"name" : "SuSE-SA:2004:008", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html" "name": "GLSA-200405-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200405-01.xml"
"name" : "SuSE-SA:2004:009", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html" "name": "RHSA-2004:160",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-160.html"
"name" : "20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108213873203477&w=2" "name": "MDKSA-2004:032",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:032"
"name" : "GLSA-200405-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200405-01.xml" "name": "DSA-487",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-487"
"name" : "GLSA-200405-04", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200405-04.xml" "name": "oval:org.mitre.oval:def:1065",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065"
"name" : "MDKSA-2004:032", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:032" "name": "oval:org.mitre.oval:def:10913",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913"
"name" : "10136", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10136" "name": "SuSE-SA:2004:009",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0002.html"
"name" : "5365", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5365" "name": "20040404-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
"name" : "oval:org.mitre.oval:def:1065", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1065" "name": "RHSA-2004:158",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-158.html"
"name" : "oval:org.mitre.oval:def:10913", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10913" "name": "RHSA-2004:159",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-159.html"
"name" : "11363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11363" "name": "20040416 void.at - neon format string bugs",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=108214147022626&w=2"
} },
{
"name": "11363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11363"
},
{
"name": "SuSE-SA:2004:008",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2004-Apr/0003.html"
},
{
"name": "FEDORA-2004-1552",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1552"
},
{
"name": "5365",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5365"
}
]
}
} }

138
2004/0xxx/CVE-2004-0254.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0254", "ID": "CVE-2004-0254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040205 Possible Cross Site Scripting in Discuz! Board", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107606726417150&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag."
{ }
"name" : "9584", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9584" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "discuzboard-image-tag-xss(15066)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15066" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "9584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9584"
},
{
"name": "discuzboard-image-tag-xss(15066)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15066"
},
{
"name": "20040205 Possible Cross Site Scripting in Discuz! Board",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107606726417150&w=2"
}
]
}
} }

148
2004/0xxx/CVE-2004-0326.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0326", "ID": "CVE-2004-0326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040222 GateKeeper Pro 4.7 buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107755692400728&w=2" "lang": "eng",
}, "value": "Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request."
{ }
"name" : "20040222 GateKeeper Pro 4.7 buffer overflow", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017703.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9716", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9716" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "gatekeeper-long-get-bo(15277)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15277" ]
} },
] "references": {
} "reference_data": [
{
"name": "20040222 GateKeeper Pro 4.7 buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107755692400728&w=2"
},
{
"name": "9716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9716"
},
{
"name": "20040222 GateKeeper Pro 4.7 buffer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017703.html"
},
{
"name": "gatekeeper-long-get-bo(15277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15277"
}
]
}
} }

278
2004/1xxx/CVE-2004-1017.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1017", "ID": "CVE-2004-1017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple \"overflows\" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1017", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1017" "lang": "eng",
}, "value": "Multiple \"overflows\" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors."
{ }
"name" : "DSA-1070", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1067", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1069", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1069" ]
}, },
{ "references": {
"name" : "DSA-1082", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1082" "name": "20163",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20163"
"name" : "FLSA:2336", },
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" "name": "DSA-1082",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1082"
"name" : "RHSA-2004:689", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-689.html" "name": "12102",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12102"
"name" : "RHSA-2005:016", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-016.html" "name": "RHSA-2005:017",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-017.html"
"name" : "RHSA-2005:017", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-017.html" "name": "FLSA:2336",
}, "refsource": "FEDORA",
{ "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
"name" : "12102", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12102" "name": "DSA-1070",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1070"
"name" : "oval:org.mitre.oval:def:9786", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786" "name": "RHSA-2004:689",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-689.html"
"name" : "19374", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19374" "name": "RHSA-2005:016",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-016.html"
"name" : "20162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20162" "name": "20162",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20162"
"name" : "20163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20163" "name": "DSA-1067",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1067"
"name" : "20202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20202" "name": "DSA-1069",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1069"
"name" : "20338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20338" "name": "oval:org.mitre.oval:def:9786",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9786"
"name" : "linux-ioedgeport-bo(18433)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18433" "name": "DSA-1017",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2006/dsa-1017"
} },
{
"name": "20202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20202"
},
{
"name": "linux-ioedgeport-bo(18433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18433"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
},
{
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}
} }

208
2004/1xxx/CVE-2004-1350.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1350", "ID": "CVE-2004-1350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.pentest.co.uk/documents/ptl-2004-06.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.pentest.co.uk/documents/ptl-2004-06.html" "lang": "eng",
}, "value": "Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests."
{ }
"name" : "57606", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#964401", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/964401" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "P-027", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/p-027.shtml" ]
}, },
{ "references": {
"name" : "ESB-2004.0691", "reference_data": [
"refsource" : "AUSCERT", {
"url" : "http://www.auscert.org.au/render.html?it=4516" "name": "11566",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11566"
"name" : "11566", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11566" "name": "1012005",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1012005"
"name" : "11304", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=11304" "name": "http://www.pentest.co.uk/documents/ptl-2004-06.html",
}, "refsource": "MISC",
{ "url": "http://www.pentest.co.uk/documents/ptl-2004-06.html"
"name" : "1012005", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012005" "name": "57606",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57606-1&searchclause=security"
"name" : "13036", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13036/" "name": "VU#964401",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/964401"
"name" : "sun-web-proxy-bo(17920)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17920" "name": "P-027",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/p-027.shtml"
} },
{
"name": "ESB-2004.0691",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4516"
},
{
"name": "11304",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=11304"
},
{
"name": "13036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13036/"
},
{
"name": "sun-web-proxy-bo(17920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17920"
}
]
}
} }

148
2004/1xxx/CVE-2004-1659.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1659", "ID": "CVE-2004-1659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040902 [hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109415338521881&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter."
{ }
"name" : "11097", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11097" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12432", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12432" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cutenews-mod-xss(17214)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17214" ]
} },
] "references": {
} "reference_data": [
{
"name": "12432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12432"
},
{
"name": "11097",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11097"
},
{
"name": "20040902 [hackgen-2004-#001] - Non-critacal Cross-Site Scripting bug in CuteNews",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109415338521881&w=2"
},
{
"name": "cutenews-mod-xss(17214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17214"
}
]
}
} }

128
2004/2xxx/CVE-2004-2189.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2189", "ID": "CVE-2004-2189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.maxpatrol.com/mp_advisory.asp", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.maxpatrol.com/mp_advisory.asp" "lang": "eng",
}, "value": "SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors."
{ }
"name" : "11434", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11434" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.maxpatrol.com/mp_advisory.asp",
"refsource": "MISC",
"url": "http://www.maxpatrol.com/mp_advisory.asp"
},
{
"name": "11434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11434"
}
]
}
} }

168
2004/2xxx/CVE-2004-2589.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2589", "ID": "CVE-2004-2589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://gaim.sourceforge.net/security/?id=6", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://gaim.sourceforge.net/security/?id=6" "lang": "eng",
}, "value": "Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory."
{ }
"name" : "11056", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9264", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/9264" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1011083", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1011083" ]
}, },
{ "references": {
"name" : "12383", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12383" "name": "gaim-content-length-dos(17150)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17150"
"name" : "gaim-content-length-dos(17150)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17150" "name": "9264",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/9264"
} },
{
"name": "1011083",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011083"
},
{
"name": "http://gaim.sourceforge.net/security/?id=6",
"refsource": "CONFIRM",
"url": "http://gaim.sourceforge.net/security/?id=6"
},
{
"name": "11056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11056"
},
{
"name": "12383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12383"
}
]
}
} }

158
2008/2xxx/CVE-2008-2020.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2020", "ID": "CVE-2008-2020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080419 Deciphering the PHP-Nuke Capthca", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491127/100/0/threaded" "lang": "eng",
}, "value": "The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings."
{ }
"name" : "http://www.rooksecurity.com/blog/?p=6", ]
"refsource" : "MISC", },
"url" : "http://www.rooksecurity.com/blog/?p=6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28877", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3834", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3834" ]
}, },
{ "references": {
"name" : "captcha-imagestring-codebg-weak-security(42152)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152" "name": "20080419 Deciphering the PHP-Nuke Capthca",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/491127/100/0/threaded"
} },
{
"name": "3834",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3834"
},
{
"name": "captcha-imagestring-codebg-weak-security(42152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42152"
},
{
"name": "28877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28877"
},
{
"name": "http://www.rooksecurity.com/blog/?p=6",
"refsource": "MISC",
"url": "http://www.rooksecurity.com/blog/?p=6"
}
]
}
} }

168
2008/2xxx/CVE-2008-2448.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2448", "ID": "CVE-2008-2448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5608", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5608" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp."
{ }
"name" : "29189", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29189" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29192", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29192" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30233", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30233" ]
}, },
{ "references": {
"name" : "metoforum-kategori-sql-injection(42398)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42398" "name": "29192",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29192"
"name" : "metoforum-multiple-sql-injection(42390)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42390" "name": "metoforum-multiple-sql-injection(42390)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42390"
} },
{
"name": "29189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29189"
},
{
"name": "5608",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5608"
},
{
"name": "metoforum-kategori-sql-injection(42398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42398"
},
{
"name": "30233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30233"
}
]
}
} }

188
2008/2xxx/CVE-2008-2701.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2701", "ID": "CVE-2008-2701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081204 Joomla Component GameQ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/498903/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php."
{ }
"name" : "20081204 Re: Joomla Component GameQ", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/498923/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5752", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt" ]
}, },
{ "references": {
"name" : "29592", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29592" "name": "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt"
"name" : "32633", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32633" "name": "gameq-index-sql-injection(42929)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42929"
"name" : "30570", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30570" "name": "30570",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30570"
"name" : "gameq-index-sql-injection(42929)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42929" "name": "5752",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/5752"
} },
{
"name": "20081204 Joomla Component GameQ",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498903/100/0/threaded"
},
{
"name": "32633",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32633"
},
{
"name": "20081204 Re: Joomla Component GameQ",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498923/100/0/threaded"
},
{
"name": "29592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29592"
}
]
}
} }

178
2008/2xxx/CVE-2008-2703.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2703", "ID": "CVE-2008-2703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via \"spoofed server responses\" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080704 Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493964/100/0/threaded" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in Novell GroupWise Messenger (GWIM) Client before 2.0.3 HP1 for Windows allow remote attackers to execute arbitrary code via \"spoofed server responses\" that contain a long string after the NM_A_SZ_TRANSACTION_ID field name."
{ }
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html", ]
"refsource" : "CONFIRM", },
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29602", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29602" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1764", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1764/references" ]
}, },
{ "references": {
"name" : "1020209", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020209" "name": "29602",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29602"
"name" : "30576", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30576" "name": "30576",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30576"
"name" : "groupwise-messenger-client-bo(42917)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42917" "name": "groupwise-messenger-client-bo(42917)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42917"
} },
{
"name": "1020209",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020209"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5026700.html"
},
{
"name": "20080704 Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493964/100/0/threaded"
},
{
"name": "ADV-2008-1764",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1764/references"
}
]
}
} }

32
2008/2xxx/CVE-2008-2728.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-2728", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-2728",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2726. Reason: This candidate is a duplicate of CVE-2008-2726. Notes: All CVE users should reference CVE-2008-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

32
2008/3xxx/CVE-2008-3086.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-3086", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-3086",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }

158
2008/3xxx/CVE-2008-3500.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3500", "ID": "CVE-2008-3500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/274919", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/274919" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Suggested Terms module 5.x before 5.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via crafted Taxonomy terms."
{ }
"name" : "29953", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29953" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1931", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1931/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30846", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30846" ]
}, },
{ "references": {
"name" : "suggestedterms-taxonomy-xss(43363)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43363" "name": "29953",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29953"
} },
{
"name": "http://drupal.org/node/274919",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/274919"
},
{
"name": "ADV-2008-1931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1931/references"
},
{
"name": "30846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30846"
},
{
"name": "suggestedterms-taxonomy-xss(43363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43363"
}
]
}
} }

168
2008/3xxx/CVE-2008-3670.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3670", "ID": "CVE-2008-3670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6167", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6167" "lang": "eng",
}, "value": "SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter."
{ }
"name" : "30452", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30452" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2255", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2255/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31292", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31292" ]
}, },
{ "references": {
"name" : "4149", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4149" "name": "4149",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4149"
"name" : "articlefriendly-authordetail-sql-injection(44120)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44120" "name": "articlefriendly-authordetail-sql-injection(44120)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44120"
} },
{
"name": "ADV-2008-2255",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2255/references"
},
{
"name": "31292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31292"
},
{
"name": "30452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30452"
},
{
"name": "6167",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6167"
}
]
}
} }

148
2008/6xxx/CVE-2008-6256.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6256", "ID": "CVE-2008-6256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081117 [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/498369/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022."
{ }
"name" : "http://www.waraxe.us/advisory-68.html", ]
"refsource" : "MISC", },
"url" : "http://www.waraxe.us/advisory-68.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32735", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32735" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "vbulletin-admincalendar-sql-injection(46683)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46683" ]
} },
] "references": {
} "reference_data": [
{
"name": "vbulletin-admincalendar-sql-injection(46683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46683"
},
{
"name": "20081117 [waraxe-2008-SA#068] - Sql Injection in vBulletin 3.7.3.pl1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498369/100/0/threaded"
},
{
"name": "http://www.waraxe.us/advisory-68.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-68.html"
},
{
"name": "32735",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32735"
}
]
}
} }

138
2008/6xxx/CVE-2008-6357.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6357", "ID": "CVE-2008-6357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7420", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7420" "lang": "eng",
}, "value": "MyCal Personal Events Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing the username and password via a direct request to mycal.mdb."
{ }
"name" : "34261", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/34261" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "mycal-mycal-information-disclosure(47266)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47266" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "7420",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7420"
},
{
"name": "34261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34261"
},
{
"name": "mycal-mycal-information-disclosure(47266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47266"
}
]
}
} }

148
2008/6xxx/CVE-2008-6444.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6444", "ID": "CVE-2008-6444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080913 Baidu Hi IM software parsing plaintext stack overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496322/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value."
{ }
"name" : "31162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51696", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51696" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "baiduhi-cstransfer-bo(45117)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45117" ]
} },
] "references": {
} "reference_data": [
{
"name": "20080913 Baidu Hi IM software parsing plaintext stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496322/100/0/threaded"
},
{
"name": "31162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31162"
},
{
"name": "51696",
"refsource": "OSVDB",
"url": "http://osvdb.org/51696"
},
{
"name": "baiduhi-cstransfer-bo(45117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45117"
}
]
}
} }

178
2008/6xxx/CVE-2008-6726.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6726", "ID": "CVE-2008-6726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7625", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7625" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in CMScout 2.06, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bit parameter to (1) admin.php and (2) index.php, different vectors than CVE-2008-3415."
{ }
"name" : "http://www.cmscout.co.za/index.php?page=news&id=30", ]
"refsource" : "CONFIRM", },
"url" : "http://www.cmscout.co.za/index.php?page=news&id=30" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33068", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33068" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51119", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/51119" ]
}, },
{ "references": {
"name" : "51120", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51120" "name": "7625",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7625"
"name" : "33375", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33375" "name": "cmscout-admin-index-file-include(47660)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47660"
"name" : "cmscout-admin-index-file-include(47660)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47660" "name": "http://www.cmscout.co.za/index.php?page=news&id=30",
} "refsource": "CONFIRM",
] "url": "http://www.cmscout.co.za/index.php?page=news&id=30"
} },
{
"name": "51120",
"refsource": "OSVDB",
"url": "http://osvdb.org/51120"
},
{
"name": "33068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33068"
},
{
"name": "33375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33375"
},
{
"name": "51119",
"refsource": "OSVDB",
"url": "http://osvdb.org/51119"
}
]
}
} }

32
2013/2xxx/CVE-2013-2648.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2648", "ID": "CVE-2013-2648",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

318
2013/2xxx/CVE-2013-2887.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2887", "ID": "CVE-2013-2887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://crbug.com/116128", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/116128" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Google Chrome before 29.0.1547.57 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
{ }
"name" : "http://crbug.com/166916", ]
"refsource" : "CONFIRM", },
"url" : "http://crbug.com/166916" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://crbug.com/172119", "description": [
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/172119" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://crbug.com/177876", ]
"refsource" : "CONFIRM", }
"url" : "http://crbug.com/177876" ]
}, },
{ "references": {
"name" : "http://crbug.com/220039", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/220039" "name": "http://crbug.com/249854",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/249854"
"name" : "http://crbug.com/231688", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/231688" "name": "oval:org.mitre.oval:def:17741",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17741"
"name" : "http://crbug.com/232393", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/232393" "name": "http://crbug.com/172119",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/172119"
"name" : "http://crbug.com/234809", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/234809" "name": "http://crbug.com/231688",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/231688"
"name" : "http://crbug.com/236147", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/236147" "name": "http://crbug.com/232393",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/232393"
"name" : "http://crbug.com/238837", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/238837" "name": "http://crbug.com/246635",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/246635"
"name" : "http://crbug.com/246635", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/246635" "name": "http://crbug.com/249064",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/249064"
"name" : "http://crbug.com/248960", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/248960" "name": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html",
}, "refsource": "CONFIRM",
{ "url": "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html"
"name" : "http://crbug.com/249064", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/249064" "name": "http://crbug.com/116128",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/116128"
"name" : "http://crbug.com/249854", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/249854" "name": "http://crbug.com/261609",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/261609"
"name" : "http://crbug.com/252848", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/252848" "name": "http://crbug.com/234809",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/234809"
"name" : "http://crbug.com/254159", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/254159" "name": "http://crbug.com/236147",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/236147"
"name" : "http://crbug.com/261609", },
"refsource" : "CONFIRM", {
"url" : "http://crbug.com/261609" "name": "http://crbug.com/254159",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/254159"
"name" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html", },
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/08/stable-channel-update.html" "name": "http://crbug.com/238837",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/238837"
"name" : "https://code.google.com/p/chromium/issues/detail?id=274602", },
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/p/chromium/issues/detail?id=274602" "name": "http://crbug.com/252848",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/252848"
"name" : "DSA-2741", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2741" "name": "http://crbug.com/166916",
}, "refsource": "CONFIRM",
{ "url": "http://crbug.com/166916"
"name" : "oval:org.mitre.oval:def:17741", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17741" "name": "http://crbug.com/220039",
} "refsource": "CONFIRM",
] "url": "http://crbug.com/220039"
} },
{
"name": "http://crbug.com/248960",
"refsource": "CONFIRM",
"url": "http://crbug.com/248960"
},
{
"name": "http://crbug.com/177876",
"refsource": "CONFIRM",
"url": "http://crbug.com/177876"
},
{
"name": "DSA-2741",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2741"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=274602",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=274602"
}
]
}
} }

118
2017/11xxx/CVE-2017-11169.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11169", "ID": "CVE-2017-11169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html" "lang": "eng",
} "value": "Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices allows remote authenticated users to obtain root privileges by leveraging a guest/user/normal account to submit a modified privilege parameter to /form2userconfig.cgi."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html",
"refsource": "MISC",
"url": "http://www.uniquish.tech/2017/11/privelege-escalation-in-iball-ib.html"
}
]
}
} }

32
2017/11xxx/CVE-2017-11504.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11504", "ID": "CVE-2017-11504",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/11xxx/CVE-2017-11546.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11546", "ID": "CVE-2017-11546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Jul/83", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Jul/83" "lang": "eng",
} "value": "The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/83",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/83"
}
]
}
} }

148
2017/11xxx/CVE-2017-11636.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11636", "ID": "CVE-2017-11636",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "lang": "eng",
}, "value": "GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths."
{ }
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c", ]
"refsource" : "CONFIRM", },
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4321", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4321" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99978", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99978" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "99978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99978"
}
]
}
} }

130
2017/11xxx/CVE-2017-11916.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-11916", "ID": "CVE-2017-11916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916" "lang": "eng",
}, "value": "ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930."
{ }
"name" : "102090", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102090" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916"
},
{
"name": "102090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102090"
}
]
}
} }

32
2017/14xxx/CVE-2017-14047.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14047", "ID": "CVE-2017-14047",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/14xxx/CVE-2017-14326.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14326", "ID": "CVE-2017-14326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/740", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/740" "lang": "eng",
}, "value": "In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file."
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3681-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/740",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/740"
},
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
}
]
}
} }

120
2017/14xxx/CVE-2017-14466.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-03-28T00:00:00", "DATE_PUBLIC": "2018-03-28T00:00:00",
"ID" : "CVE-2017-14466", "ID": "CVE-2017-14466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Allen Bradley", "product_name": "Allen Bradley",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" "lang": "eng",
} "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443"
}
]
}
} }

368
2017/14xxx/CVE-2017-14491.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14491", "ID": "CVE-2017-14491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42941", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42941/" "lang": "eng",
}, "value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response."
{ }
"name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", ]
"refsource" : "MLIST", },
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "description": [
"refsource" : "MLIST", {
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", ]
"refsource" : "MISC", }
"url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" ]
}, },
{ "references": {
"name" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG" "name": "1039474",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1039474"
"name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc", },
"refsource" : "CONFIRM", {
"url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc" "name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
}, "refsource": "CONFIRM",
{ "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
"name" : "https://access.redhat.com/security/vulnerabilities/3199382", },
"refsource" : "CONFIRM", {
"url" : "https://access.redhat.com/security/vulnerabilities/3199382" "name": "DSA-3989",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3989"
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", },
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" "name": "https://access.redhat.com/security/vulnerabilities/3199382",
}, "refsource": "CONFIRM",
{ "url": "https://access.redhat.com/security/vulnerabilities/3199382"
"name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", },
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" "name": "101085",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101085"
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" "name": "USN-3430-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3430-1"
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf", },
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf" "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc",
}, "refsource": "CONFIRM",
{ "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
"name" : "DSA-3989", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3989" "name": "101977",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101977"
"name" : "GLSA-201710-27", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-27" "name": "RHSA-2017:2838",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2838"
"name" : "RHSA-2017:2836", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2836" "name": "VU#973527",
}, "refsource": "CERT-VN",
{ "url": "https://www.kb.cert.org/vuls/id/973527"
"name" : "RHSA-2017:2837", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2837" "name": "GLSA-201710-27",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201710-27"
"name" : "RHSA-2017:2838", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2838" "name": "RHSA-2017:2840",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2840"
"name" : "RHSA-2017:2839", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2839" "name": "USN-3430-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3430-2"
"name" : "RHSA-2017:2840", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2840" "name": "RHSA-2017:2839",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2839"
"name" : "RHSA-2017:2841", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2841" "name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
}, "refsource": "MLIST",
{ "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
"name" : "openSUSE-SU-2017:2633", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" "name": "RHSA-2017:2836",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2836"
"name" : "USN-3430-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3430-1" "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
}, "refsource": "CONFIRM",
{ "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
"name" : "USN-3430-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3430-2" "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
"name" : "VU#973527", },
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/973527" "name": "RHSA-2017:2837",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2837"
"name" : "101085", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101085" "name": "42941",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/42941/"
"name" : "101977", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101977" "name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
}, "refsource": "CONFIRM",
{ "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
"name" : "1039474", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039474" "name": "RHSA-2017:2841",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2841"
} },
{
"name": "openSUSE-SU-2017:2633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
}
]
}
} }

168
2017/14xxx/CVE-2017-14726.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14726", "ID": "CVE-2017-14726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://core.trac.wordpress.org/changeset/41395", "description_data": [
"refsource" : "MISC", {
"url" : "https://core.trac.wordpress.org/changeset/41395" "lang": "eng",
}, "value": "Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor."
{ }
"name" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wpvulndb.com/vulnerabilities/8914", "description": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/8914" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3997", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2017/dsa-3997" ]
}, },
{ "references": {
"name" : "100912", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100912" "name": "DSA-3997",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-3997"
"name" : "1039553", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039553" "name": "https://core.trac.wordpress.org/changeset/41395",
} "refsource": "MISC",
] "url": "https://core.trac.wordpress.org/changeset/41395"
} },
{
"name": "100912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100912"
},
{
"name": "1039553",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039553"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8914",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8914"
},
{
"name": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/"
}
]
}
} }

128
2017/14xxx/CVE-2017-14836.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-14836", "ID": "CVE-2017-14836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.1" "version_value": "8.3.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-880", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-880" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the modDate attribute of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5028."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-880",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-880"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
} }

118
2017/14xxx/CVE-2017-14943.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14943", "ID": "CVE-2017-14943",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the \"webwatch.(REDACTED).com\" server mentioned in the reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943", "description_data": [
"refsource" : "MISC", {
"url" : "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943" "lang": "eng",
} "value": "Trapeze TransitMaster is vulnerable to information disclosure (emails / hashed passwords) via a modified userID field in JSON data to ManageSubscriber.aspx/GetSubscriber. NOTE: this software is independently deployed at multiple municipal transit systems; it is not found exclusively on the \"webwatch.(REDACTED).com\" server mentioned in the reference."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/badbiddy/Vulnerability-Disclosure/master/TransitMaster%20%3E%20Information%20Disclosure%20-%20CVE-2017-14943"
}
]
}
} }

32
2017/15xxx/CVE-2017-15564.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15564", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15564",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/15xxx/CVE-2017-15726.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15726", "ID": "CVE-2017-15726",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/15xxx/CVE-2017-15763.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15763", "ID": "CVE-2017-15763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763" "lang": "eng",
} "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to \"Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15763"
}
]
}
} }

126
2017/15xxx/CVE-2017-15894.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-15894", "ID": "CVE-2017-15894",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology DiskStation Manager (DSM)", "product_name": "Synology DiskStation Manager (DSM)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0.x before 6.0.3-8754-3" "version_value": "6.0.x before 6.0.3-8754-3"
}, },
{ {
"version_value" : "before 5.2-5967-6" "version_value": "before 5.2-5967-6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM" "lang": "eng",
} "value": "Directory traversal vulnerability in the SYNO.FileStation.Extract in Synology DiskStation Manager (DSM) 6.0.x before 6.0.3-8754-3 and before 5.2-5967-6 allows remote authenticated users to write arbitrary files via the dest_folder_path parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Limitation of a Pathname to a Restricted Directory (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_70_DSM"
}
]
}
} }

120
2017/8xxx/CVE-2017-8155.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8155", "ID": "CVE-2017-8155",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "B2338-168", "product_name": "B2338-168",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V100R001C00" "version_value": "V100R001C00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "no authentication"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en" "lang": "eng",
} "value": "The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 V100R001C00 has a no authentication vulnerability on a certain port. After accessing the network between the indoor and outdoor units of the CPE, an attacker can deliver commands to the specific port of the outdoor unit and execute them without authentication. Successful exploit could allow the attacker to take control over the outdoor unit."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "no authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en"
}
]
}
} }

120
2017/8xxx/CVE-2017-8212.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8212", "ID": "CVE-2017-8212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "honor 5C,honor 6x", "product_name": "honor 5C,honor 6x",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" "version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" "lang": "eng",
} "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"
}
]
}
} }

140
2017/8xxx/CVE-2017-8726.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00", "DATE_PUBLIC": "2017-10-10T00:00:00",
"ID" : "CVE-2017-8726", "ID": "CVE-2017-8726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803."
{ }
"name" : "101084", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101084" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039529", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039529" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1039529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039529"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8726"
},
{
"name": "101084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101084"
}
]
}
} }

118
2017/9xxx/CVE-2017-9522.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9522", "ID": "CVE-2017-9522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt" "lang": "eng",
} "value": "The Time Warner firmware on Technicolor TC8717T devices sets the default Wi-Fi passphrase to a combination of the SSID and BSSID, which makes it easier for remote attackers to obtain network access by reading a beacon frame."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-21.default-wifi-credentials.txt"
}
]
}
} }

122
2018/1000xxx/CVE-2018-1000043.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "1/31/2018 20:22:19", "DATE_ASSIGNED": "1/31/2018 20:22:19",
"ID" : "CVE-2018-1000043", "ID": "CVE-2018-1000043",
"REQUESTER" : "medsgerj@gmail.com", "REQUESTER": "medsgerj@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Squert", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.1 through 1.6.7" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Security Onion Solutions" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html" "lang": "eng",
} "value": "Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be exploitable via Web request to .inc/callback.php with the payload in the txdata parameter, used in tx()/transcript(), or the catdata parameter, used in cat(). This vulnerability appears to have been fixed in 1.7.0."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html",
"refsource": "CONFIRM",
"url": "http://blog.securityonion.net/2018/01/security-advisory-for-squert.html"
}
]
}
} }

152
2018/1000xxx/CVE-2018-1000049.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "1/20/2018 9:34:40", "DATE_ASSIGNED": "1/20/2018 9:34:40",
"ID" : "CVE-2018-1000049", "ID": "CVE-2018-1000049",
"REQUESTER" : "reversebrain@protonmail.com", "REQUESTER": "reversebrain@protonmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Claymore Dual Miner", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.3 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "nanopool" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44638", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44638/" "lang": "eng",
}, "value": "Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled."
{ }
"name" : "45044", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/45044/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/", "description": [
"refsource" : "MISC", {
"url" : "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://twitter.com/ReverseBrain/status/951850534985662464", ]
"refsource" : "MISC", }
"url" : "https://twitter.com/ReverseBrain/status/951850534985662464" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://twitter.com/ReverseBrain/status/951850534985662464",
"refsource": "MISC",
"url": "https://twitter.com/ReverseBrain/status/951850534985662464"
},
{
"name": "45044",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45044/"
},
{
"name": "44638",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44638/"
},
{
"name": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/",
"refsource": "MISC",
"url": "https://reversebrain.github.io/2018/02/01/Claymore-Dual-Miner-Remote-Code-Execution/"
}
]
}
} }

120
2018/12xxx/CVE-2018-12151.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00", "DATE_PUBLIC": "2018-09-11T00:00:00",
"ID" : "CVE-2018-12151", "ID": "CVE-2018-12151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) Extreme Tuning Utility", "product_name": "Intel(R) Extreme Tuning Utility",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions before 6.4.1.2." "version_value": "Versions before 6.4.1.2."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html" "lang": "eng",
} "value": "Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
}
]
}
} }

32
2018/12xxx/CVE-2018-12289.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12289", "ID": "CVE-2018-12289",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/12xxx/CVE-2018-12870.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12870", "ID": "CVE-2018-12870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105439", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
} }

128
2018/13xxx/CVE-2018-13520.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13520", "ID": "CVE-2018-13520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for TopscoinAdvanced, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TopscoinAdvanced"
}
]
}
} }

128
2018/13xxx/CVE-2018-13540.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13540", "ID": "CVE-2018-13540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GSI"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13580.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13580", "ID": "CVE-2018-13580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for ProvidenceCasino (PVE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PVE"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13641.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13641", "ID": "CVE-2018-13641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for MVGcoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MVGcoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

118
2018/16xxx/CVE-2018-16710.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16710", "ID": "CVE-2018-16710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with \"blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/foosel/OctoPrint/issues/2814", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/foosel/OctoPrint/issues/2814" "lang": "eng",
} "value": "** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with \"blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/foosel/OctoPrint/issues/2814",
"refsource": "MISC",
"url": "https://github.com/foosel/OctoPrint/issues/2814"
}
]
}
} }

168
2018/16xxx/CVE-2018-16852.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sfowler@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-16852", "ID": "CVE-2018-16852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "samba", "product_name": "samba",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.9.3" "version_value": "4.9.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852" "lang": "eng",
}, "value": "Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service."
{ }
"name" : "https://www.samba.org/samba/security/CVE-2018-16852.html", ]
"refsource" : "CONFIRM", },
"url" : "https://www.samba.org/samba/security/CVE-2018-16852.html" "impact": {
}, "cvss": [
{ [
"name" : "https://security.netapp.com/advisory/ntap-20181127-0001/", {
"refsource" : "CONFIRM", "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"url" : "https://security.netapp.com/advisory/ntap-20181127-0001/" "version": "3.0"
}, }
{ ]
"name" : "106024", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106024" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.samba.org/samba/security/CVE-2018-16852.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-16852.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16852"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181127-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181127-0001/"
},
{
"name": "106024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106024"
}
]
}
} }

32
2018/4xxx/CVE-2018-4076.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4076", "ID": "CVE-2018-4076",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4645.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4645", "ID": "CVE-2018-4645",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }