admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:24:32 +00:00
parent e199c8ebd3
commit 9bcc923cb7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3372 additions and 3309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2004/0xxx/CVE-2004-0328.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0328", "ID": "CVE-2004-0328",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040224 Gigabyte Broadband Router - Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107766719227942&w=2" "lang": "eng",
}, "value": "Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system."
{ }
"name" : "9740", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9740" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "gigabyte-gnb46b-bypass-authentication(15313)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15313" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "gigabyte-gnb46b-bypass-authentication(15313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15313"
},
{
"name": "9740",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9740"
},
{
"name": "20040224 Gigabyte Broadband Router - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107766719227942&w=2"
}
]
}
}

190
2004/1xxx/CVE-2004-1268.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1268", "ID": "CVE-2004-1268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tigger.uic.edu/~jlongs2/holes/cups2.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://tigger.uic.edu/~jlongs2/holes/cups2.txt" "lang": "eng",
}, "value": "lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors."
{ }
"name" : "GLSA-200412-25", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2005:008", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:013", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-013.html" ]
}, },
{ "references": {
"name" : "RHSA-2005:053", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-053.html" "name": "RHSA-2005:013",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"
"name" : "USN-50-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/50-1/" "name": "oval:org.mitre.oval:def:10398",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398"
"name" : "oval:org.mitre.oval:def:10398", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10398" "name": "MDKSA-2005:008",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:008"
"name" : "cups-lppasswd-passwd-truncate(18606)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18606" "name": "RHSA-2005:053",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"
} },
} {
"name": "USN-50-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/50-1/"
},
{
"name": "cups-lppasswd-passwd-truncate(18606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18606"
},
{
"name": "GLSA-200412-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/cups2.txt"
}
]
}
}

230
2004/1xxx/CVE-2004-1318.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1318", "ID": "CVE-2004-1318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab (\"%09\") character, which prevents the rest of the query from being properly sanitized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jvn.jp/jp/JVN%23904429FE.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://jvn.jp/jp/JVN%23904429FE.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab (\"%09\") character, which prevents the rest of the query from being properly sanitized."
{ }
"name" : "http://www.namazu.org/security.html.en#xss-tab", ]
"refsource" : "CONFIRM", },
"url" : "http://www.namazu.org/security.html.en#xss-tab" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-627", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-627" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2004-557", ]
"refsource" : "FEDORA", }
"url" : "http://www.linuxsecurity.com/content/view/117604/102/" ]
}, },
{ "references": {
"name" : "HPSBMA01212", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/advisories/9028" "name": "1012805",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/alerts/2005/Jan/1012805.html"
"name" : "SUSE-SR:2005:001", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html" "name": "1012802",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/alerts/2005/Jan/1012802.html"
"name" : "12053", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12053" "name": "DSA-627",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-627"
"name" : "12516", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/12516" "name": "13600",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13600"
"name" : "1012802", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2005/Jan/1012802.html" "name": "namazu-tab-query-xss(18623)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18623"
"name" : "1012805", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2005/Jan/1012805.html" "name": "http://www.namazu.org/security.html.en#xss-tab",
}, "refsource": "CONFIRM",
{ "url": "http://www.namazu.org/security.html.en#xss-tab"
"name" : "13600", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13600" "name": "12053",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12053"
"name" : "namazu-tab-query-xss(18623)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18623" "name": "SUSE-SR:2005:001",
} "refsource": "SUSE",
] "url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
} },
} {
"name": "FEDORA-2004-557",
"refsource": "FEDORA",
"url": "http://www.linuxsecurity.com/content/view/117604/102/"
},
{
"name": "http://jvn.jp/jp/JVN%23904429FE.html",
"refsource": "MISC",
"url": "http://jvn.jp/jp/JVN%23904429FE.html"
},
{
"name": "12516",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12516"
},
{
"name": "HPSBMA01212",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/9028"
}
]
}
}

160
2004/1xxx/CVE-2004-1646.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1646", "ID": "CVE-2004-1646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040830 Multiple Vulnerabilities In Xedus Webserver", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109394018411394&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
{ }
"name" : "http://www.gulftech.org/?node=research&article_id=00047-08302004", ]
"refsource" : "MISC", },
"url" : "http://www.gulftech.org/?node=research&article_id=00047-08302004" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11071", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11071" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12418", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12418" ]
}, },
{ "references": {
"name" : "xedus-dotdot-directory-traversal(17167)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17167" "name": "20040830 Multiple Vulnerabilities In Xedus Webserver",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=109394018411394&w=2"
} },
} {
"name": "http://www.gulftech.org/?node=research&article_id=00047-08302004",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00047-08302004"
},
{
"name": "xedus-dotdot-directory-traversal(17167)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17167"
},
{
"name": "12418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12418"
},
{
"name": "11071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11071"
}
]
}
}

170
2004/1xxx/CVE-2004-1667.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1667", "ID": "CVE-2004-1667",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040909 Off-by-one bug in Halo 1.04", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109479695022024&w=2" "lang": "eng",
}, "value": "Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response."
{ }
"name" : "http://aluigi.altervista.org/adv/haloboom-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/haloboom-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.bungie.net/News/Story.aspx?link=hpc105", "description": [
"refsource" : "MISC", {
"url" : "http://www.bungie.net/News/Story.aspx?link=hpc105" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11147", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11147" ]
}, },
{ "references": {
"name" : "12504", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12504" "name": "12504",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12504"
"name" : "halo-response-offbyone-bo(17310)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17310" "name": "http://aluigi.altervista.org/adv/haloboom-adv.txt",
} "refsource": "MISC",
] "url": "http://aluigi.altervista.org/adv/haloboom-adv.txt"
} },
} {
"name": "11147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11147"
},
{
"name": "20040909 Off-by-one bug in Halo 1.04",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109479695022024&w=2"
},
{
"name": "halo-response-offbyone-bo(17310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17310"
},
{
"name": "http://www.bungie.net/News/Story.aspx?link=hpc105",
"refsource": "MISC",
"url": "http://www.bungie.net/News/Story.aspx?link=hpc105"
}
]
}
}

160
2008/3xxx/CVE-2008-3394.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3394", "ID": "CVE-2008-3394",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/79/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/79/45/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters."
{ }
"name" : "30432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30432" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47203", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47203" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31258", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31258" ]
}, },
{ "references": {
"name" : "bookmine-search-xss(44068)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44068" "name": "30432",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30432"
} },
} {
"name": "http://holisticinfosec.org/content/view/79/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/79/45/"
},
{
"name": "47203",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47203"
},
{
"name": "31258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31258"
},
{
"name": "bookmine-search-xss(44068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44068"
}
]
}
}

140
2008/3xxx/CVE-2008-3430.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3430", "ID": "CVE-2008-3430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0807-exploits/siol-overflow.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0807-exploits/siol-overflow.txt" "lang": "eng",
}, "value": "Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: this might only be a vulnerability in certain insecure configurations of Internet Explorer."
{ }
"name" : "30424", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30424" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "eyeballmessengersdk-covideowindow-bo(44111)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44111" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "eyeballmessengersdk-covideowindow-bo(44111)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44111"
},
{
"name": "30424",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30424"
},
{
"name": "http://packetstormsecurity.org/0807-exploits/siol-overflow.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0807-exploits/siol-overflow.txt"
}
]
}
}

190
2008/3xxx/CVE-2008-3645.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3645", "ID": "CVE-2008-3645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3216", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3216" "lang": "eng",
}, "value": "Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors."
{ }
"name" : "APPLE-SA-2008-10-09", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31681", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31681" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31711", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31711" ]
}, },
{ "references": {
"name" : "ADV-2008-2780", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2780" "name": "31681",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31681"
"name" : "1021025", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021025" "name": "1021025",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021025"
"name" : "32222", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32222" "name": "macosx-eapolcontroller-bo(45781)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45781"
"name" : "macosx-eapolcontroller-bo(45781)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45781" "name": "32222",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32222"
} },
} {
"name": "31711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31711"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
}
]
}
}

160
2008/4xxx/CVE-2008-4392.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2008-4392", "ID": "CVE-2008-4392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.your.org/dnscache/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.your.org/dnscache/" "lang": "eng",
}, "value": "dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query."
{ }
"name" : "http://www.your.org/dnscache/djbdns.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.your.org/dnscache/djbdns.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33818", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33818" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33855", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33855" ]
}, },
{ "references": {
"name" : "djbdns-soa-spoofing(48807)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48807" "name": "http://www.your.org/dnscache/djbdns.pdf",
} "refsource": "MISC",
] "url": "http://www.your.org/dnscache/djbdns.pdf"
} },
} {
"name": "djbdns-soa-spoofing(48807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48807"
},
{
"name": "33855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33855"
},
{
"name": "33818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33818"
},
{
"name": "http://www.your.org/dnscache/",
"refsource": "MISC",
"url": "http://www.your.org/dnscache/"
}
]
}
}

140
2008/4xxx/CVE-2008-4710.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4710", "ID": "CVE-2008-4710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/312923", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/312923" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the stock quotes page in Stock 6.x before 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "31389", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "stock-stockquotespage-xss(45405)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45405" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "31389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31389"
},
{
"name": "stock-stockquotespage-xss(45405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45405"
},
{
"name": "http://drupal.org/node/312923",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/312923"
}
]
}
}

140
2008/6xxx/CVE-2008-6312.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6312", "ID": "CVE-2008-6312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7397", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7397" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter."
{ }
"name" : "32724", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32724" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "proquiz-index-sql-injection(47196)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47196" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "7397",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7397"
},
{
"name": "32724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32724"
},
{
"name": "proquiz-index-sql-injection(47196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47196"
}
]
}
}

160
2008/6xxx/CVE-2008-6691.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6691", "ID": "CVE-2008-6691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/" "lang": "eng",
}, "value": "SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
{ }
"name" : "29819", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29819" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46388", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/46388" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30737", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30737" ]
}, },
{ "references": {
"name" : "pdcalendartoday-unspecified-sql-injection(43206)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206" "name": "30737",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30737"
} },
} {
"name": "29819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29819"
},
{
"name": "pdcalendartoday-unspecified-sql-injection(43206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43206"
},
{
"name": "46388",
"refsource": "OSVDB",
"url": "http://osvdb.org/46388"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}

160
2008/6xxx/CVE-2008-6930.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6930", "ID": "CVE-2008-6930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7085", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7085" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in realty/re_images/."
{ }
"name" : "50293", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/50293" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32626", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32626" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-3101", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/3101" ]
}, },
{ "references": {
"name" : "realestate-reimages-file-upload(52446)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52446" "name": "50293",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/50293"
} },
} {
"name": "realestate-reimages-file-upload(52446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52446"
},
{
"name": "ADV-2008-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3101"
},
{
"name": "32626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32626"
},
{
"name": "7085",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7085"
}
]
}
}

150
2008/7xxx/CVE-2008-7077.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7077", "ID": "CVE-2008-7077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7267", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7267" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields."
{ }
"name" : "http://www.juniper.net/security/auto/vulnerabilities/vuln32521.html", ]
"refsource" : "MISC", },
"url" : "http://www.juniper.net/security/auto/vulnerabilities/vuln32521.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32521", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32521" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sailplanner-username-sql-injection(46932)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46932" ]
} },
] "references": {
} "reference_data": [
} {
"name": "32521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32521"
},
{
"name": "7267",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7267"
},
{
"name": "http://www.juniper.net/security/auto/vulnerabilities/vuln32521.html",
"refsource": "MISC",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln32521.html"
},
{
"name": "sailplanner-username-sql-injection(46932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46932"
}
]
}
}

180
2013/2xxx/CVE-2013-2501.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2501", "ID": "CVE-2013-2501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130308 Stored XSS in Terillion Reviews Wordpress Plugin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field."
{ }
"name" : "http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews", "description": [
"refsource" : "CONFIRM", {
"url" : "http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wordpress.org/extend/plugins/terillion-reviews/changelog/", ]
"refsource" : "CONFIRM", }
"url" : "http://wordpress.org/extend/plugins/terillion-reviews/changelog/" ]
}, },
{ "references": {
"name" : "58415", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58415" "name": "http://wordpress.org/extend/plugins/terillion-reviews/changelog/",
}, "refsource": "CONFIRM",
{ "url": "http://wordpress.org/extend/plugins/terillion-reviews/changelog/"
"name" : "91123", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/91123" "name": "http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/120730/WordPress-Terillion-Reviews-Cross-Site-Scripting.html"
"name" : "wp-terillionreviews-profileid-xss(82727)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82727" "name": "wp-terillionreviews-profileid-xss(82727)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82727"
} },
} {
"name": "20130308 Stored XSS in Terillion Reviews Wordpress Plugin",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0055.html"
},
{
"name": "91123",
"refsource": "OSVDB",
"url": "http://osvdb.org/91123"
},
{
"name": "58415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58415"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/683838/terillion-reviews"
}
]
}
}

140
2013/2xxx/CVE-2013-2601.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2601", "ID": "CVE-2013-2601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX138633", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX138633" "lang": "eng",
}, "value": "The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection."
{ }
"name" : "96749", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/96749" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "citrix-xenclient-cve20132601-command-exec(86967)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86967" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96749",
"refsource": "OSVDB",
"url": "http://osvdb.org/96749"
},
{
"name": "citrix-xenclient-cve20132601-command-exec(86967)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86967"
},
{
"name": "http://support.citrix.com/article/CTX138633",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX138633"
}
]
}
}

34
2013/2xxx/CVE-2013-2611.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2611", "ID": "CVE-2013-2611",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2013/2xxx/CVE-2013-2615.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2615", "ID": "CVE-2013-2615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130312 Ruby gem fastreader-1.0.8 remote code exec", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Mar/122" "lang": "eng",
}, "value": "lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL."
{ }
"name" : "[oss-security] 20130319 Fwd: CVE requests", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/03/19/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html" ]
}, },
{ "references": {
"name" : "91232", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/91232" "name": "20130312 Ruby gem fastreader-1.0.8 remote code exec",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2013/Mar/122"
} },
} {
"name": "91232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91232"
},
{
"name": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120845/Ruby-Gem-Fastreader-1.0.8-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120776/Ruby-Gem-Fastreader-1.0.8-Command-Execution.html"
},
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/19/9"
}
]
}
}

130
2013/2xxx/CVE-2013-2704.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2013-2704", "ID": "CVE-2013-2704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wordpress.org/plugins/dropdown-menu-widget/changelog/", "description_data": [
"refsource" : "MISC", {
"url" : "http://wordpress.org/plugins/dropdown-menu-widget/changelog/" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences."
{ }
"name" : "52958", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/52958" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/plugins/dropdown-menu-widget/changelog/",
"refsource": "MISC",
"url": "http://wordpress.org/plugins/dropdown-menu-widget/changelog/"
},
{
"name": "52958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52958"
}
]
}
}

140
2013/2xxx/CVE-2013-2874.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2874", "ID": "CVE-2013-2874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" "lang": "eng",
}, "value": "Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=237611", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=237611" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:17142", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17142" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:17142",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17142"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=237611",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=237611"
}
]
}
}

200
2013/6xxx/CVE-2013-6164.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6164", "ID": "CVE-2013-6164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project'Or RIA\" allow arbitrary access to the database and the file system", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html" "lang": "eng",
}, "value": "SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter."
{ }
"name" : "29517", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/29517" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project'Or RIA\" allow arbitrary access to the database and the file system", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/123915", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/123915" ]
}, },
{ "references": {
"name" : "http://projectorria.org/index.php/menu_download_en/menu_history_en", "reference_data": [
"refsource" : "MISC", {
"url" : "http://projectorria.org/index.php/menu_download_en/menu_history_en" "name": "55451",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55451"
"name" : "63538", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63538" "name": "99367",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99367"
"name" : "99367", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99367" "name": "projeqtor-cve20136164-sql-injection(88584)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584"
"name" : "55451", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55451" "name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project'Or RIA\" allow arbitrary access to the database and the file system",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0020.html"
"name" : "projeqtor-cve20136164-sql-injection(88584)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88584" "name": "63538",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/63538"
} },
} {
"name": "http://projectorria.org/index.php/menu_download_en/menu_history_en",
"refsource": "MISC",
"url": "http://projectorria.org/index.php/menu_download_en/menu_history_en"
},
{
"name": "29517",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29517"
},
{
"name": "20131105 [ISecAuditors Security Advisories] SQL Injection vulnerability in \"Project'Or RIA\" allow arbitrary access to the database and the file system",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0031.html"
},
{
"name": "http://packetstormsecurity.com/files/123915",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123915"
}
]
}
}

34
2017/14xxx/CVE-2017-14133.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14133", "ID": "CVE-2017-14133",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/14xxx/CVE-2017-14194.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14194", "ID": "CVE-2017-14194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity", "description_data": [
"refsource" : "MISC", {
"url" : "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity" "lang": "eng",
} "value": "The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity",
"refsource": "MISC",
"url": "http://bendawang.site/article/finecms-V5.0.11-multi-vulnerablity"
}
]
}
}

120
2017/14xxx/CVE-2017-14196.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14196", "ID": "CVE-2017-14196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3. An information disclosure caused by a Path Traversal issue in the 'File Bridge' plugin allowed the existence of files outside of the bridged path to be confirmed."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://devalias.net/devalias/2017/09/07/squiz-matrix-multiple-vulnerabilities/"
}
]
}
}

150
2017/14xxx/CVE-2017-14314.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14314", "ID": "CVE-2017-14314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "lang": "eng",
}, "value": "Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file."
{ }
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78", ]
"refsource" : "CONFIRM", },
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/448/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/448/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4321", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4321" ]
} },
] "references": {
} "reference_data": [
} {
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/448/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/448/"
}
]
}
}

120
2017/14xxx/CVE-2017-14422.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14422", "ID": "CVE-2017-14422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html" "lang": "eng",
} "value": "D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices use the same hardcoded /etc/stunnel.key private key across different customers' installations, which allows remote attackers to defeat the HTTPS cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html",
"refsource": "MISC",
"url": "https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html"
}
]
}
}

120
2017/14xxx/CVE-2017-14846.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14846", "ID": "CVE-2017-14846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42802", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42802/" "lang": "eng",
} "value": "Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42802",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42802/"
}
]
}
}

132
2017/14xxx/CVE-2017-14917.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00", "DATE_PUBLIC": "2017-12-04T00:00:00",
"ID" : "CVE-2017-14917", "ID": "CVE-2017-14917",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Overflow to Buffer Overflow in Secure Processor"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-12-01" "lang": "eng",
}, "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message passing interface are not properly validated."
{ }
"name" : "102072", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102072" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in Secure Processor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102072"
}
]
}
}

130
2017/15xxx/CVE-2017-15328.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-15328", "ID": "CVE-2017-15328",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HG8245H", "product_name": "HG8245H",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Earlier than EchoLife HG8245H V300R018C00SPC110" "version_value": "Earlier than EchoLife HG8245H V300R018C00SPC110"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.huawei.com/carrier/docview!docview?nid=DOC1000441394&path=PBI1-7275726/PBI1-7275742/PBI1-7912539/PBI1-22318696/PBI1-8952133/PBI1-8957546/PBI1-22412232/PBI1-22412234/PBI1-22807623", "description_data": [
"refsource" : "MISC", {
"url" : "http://support.huawei.com/carrier/docview!docview?nid=DOC1000441394&path=PBI1-7275726/PBI1-7275742/PBI1-7912539/PBI1-22318696/PBI1-8952133/PBI1-8957546/PBI1-22412232/PBI1-22412234/PBI1-22807623" "lang": "eng",
}, "value": "Huawei HG8245H version earlier than V300R018C00SPC110 has an authentication bypass vulnerability. An attacker can access a specific URL of the affect product. Due to improper verification of the privilege, successful exploitation may cause information leak."
{ }
"name" : "https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/", ]
"refsource" : "MISC", },
"url" : "https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.huawei.com/carrier/docview!docview?nid=DOC1000441394&path=PBI1-7275726/PBI1-7275742/PBI1-7912539/PBI1-22318696/PBI1-8952133/PBI1-8957546/PBI1-22412232/PBI1-22412234/PBI1-22807623",
"refsource": "MISC",
"url": "http://support.huawei.com/carrier/docview!docview?nid=DOC1000441394&path=PBI1-7275726/PBI1-7275742/PBI1-7912539/PBI1-22318696/PBI1-8952133/PBI1-8957546/PBI1-22412232/PBI1-22412234/PBI1-22807623"
},
{
"name": "https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/",
"refsource": "MISC",
"url": "https://hacked0x90.wordpress.com/2017/11/30/hg8245h-authentication-bypass/"
}
]
}
}

130
2017/15xxx/CVE-2017-15643.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15643", "ID": "CVE-2017-15643",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.securiteam.com/index.php/archives/3485", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.securiteam.com/index.php/archives/3485" "lang": "eng",
}, "value": "An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file."
{ }
"name" : "https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/", ]
"refsource" : "MISC", },
"url" : "https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3485",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3485"
},
{
"name": "https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/",
"refsource": "MISC",
"url": "https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/"
}
]
}
}

34
2017/15xxx/CVE-2017-15711.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15711", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15711",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }
} }

120
2017/15xxx/CVE-2017-15728.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15728", "ID": "CVE-2017-15728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b" "lang": "eng",
} "value": "In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b",
"refsource": "CONFIRM",
"url": "https://github.com/thorsten/phpMyFAQ/commit/2d2a85b59e058869d7cbcfe2d73fed4a282f2e5b"
}
]
}
}

122
2017/15xxx/CVE-2017-15887.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00", "DATE_PUBLIC": "2017-11-06T00:00:00",
"ID" : "CVE-2017-15887", "ID": "CVE-2017-15887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology CardDAV Server", "product_name": "Synology CardDAV Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 6.0.7-0085" "version_value": "before 6.0.7-0085"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of Excessive Authentication Attempts (CWE-307)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server" "lang": "eng",
} "value": "An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts (CWE-307)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_64_CardDAV_Server"
}
]
}
}

34
2017/9xxx/CVE-2017-9057.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9057", "ID": "CVE-2017-9057",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2017/9xxx/CVE-2017-9507.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC" : "2017-07-17T00:00:00", "DATE_PUBLIC": "2017-07-17T00:00:00",
"ID" : "CVE-2017-9507", "ID": "CVE-2017-9507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Atlassian Crucible", "product_name": "Atlassian Crucible",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "From version 4.1.0 before version 4.4.1." "version_value": "From version 4.1.0 before version 4.4.1."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Atlassian" "vendor_name": "Atlassian"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jira.atlassian.com/browse/CRUC-8043", "description_data": [
"refsource" : "MISC", {
"url" : "https://jira.atlassian.com/browse/CRUC-8043" "lang": "eng",
} "value": "The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CRUC-8043",
"refsource": "MISC",
"url": "https://jira.atlassian.com/browse/CRUC-8043"
}
]
}
}

130
2017/9xxx/CVE-2017-9875.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9875", "ID": "CVE-2017-9875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9875", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9875" "lang": "eng",
}, "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a \"User Mode Write AV starting at FPX!DE_Decode+0x0000000000000cdb.\""
{ }
"name" : "http://www.irfanview.com/plugins.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.irfanview.com/plugins.htm" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irfanview.com/plugins.htm",
"refsource": "CONFIRM",
"url": "http://www.irfanview.com/plugins.htm"
},
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9875",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9875"
}
]
}
}

130
2018/0xxx/CVE-2018-0648.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0648", "ID": "CVE-2018-0648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Installer of ChatWork Desktop App for Windows", "product_name": "Installer of ChatWork Desktop App for Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.3.0 and earlier" "version_value": "2.3.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ChatWork Co,. LTD." "vendor_name": "ChatWork Co,. LTD."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://go.chatwork.com/download/", "description_data": [
"refsource" : "MISC", {
"url" : "https://go.chatwork.com/download/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in installer of ChatWork Desktop App for Windows 2.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "JVN#39171169", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN39171169/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#39171169",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN39171169/index.html"
},
{
"name": "https://go.chatwork.com/download/",
"refsource": "MISC",
"url": "https://go.chatwork.com/download/"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000153.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-05", "DATE_ASSIGNED": "2018-04-05",
"ID" : "CVE-2018-1000153", "ID": "CVE-2018-1000153",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins vSphere Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.16 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (\"test connection\")."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745" "lang": "eng",
} "value": "A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java, DeleteSnapshot.java, Deploy.java, ExposeGuestInfo.java, FolderVSphereCloudProperty.java, PowerOff.java, PowerOn.java, Reconfigure.java, Rename.java, RenameSnapshot.java, RevertToSnapshot.java, SuspendVm.java, TakeSnapshot.java, VSphereBuildStepContainer.java, vSphereCloudProvisionedSlave.java, vSphereCloudSlave.java, vSphereCloudSlaveTemplate.java, VSphereConnectionConfig.java, vSphereStep.java that allows attackers to perform form validation related actions, including sending numerous requests to the configured vSphere server, potentially resulting in denial of service, or send credentials stored in Jenkins with known ID to an attacker-specified server (\"test connection\")."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-745"
}
]
}
}

146
2018/1000xxx/CVE-2018-1000224.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-08-02T16:41:53.514568", "DATE_ASSIGNED": "2018-08-02T16:41:53.514568",
"DATE_REQUESTED" : "2018-07-31T16:33:51", "DATE_REQUESTED": "2018-07-31T16:33:51",
"ID" : "CVE-2018-1000224", "ID": "CVE-2018-1000224",
"REQUESTER" : "fabio.alessandrelli@gmail.com", "REQUESTER": "fabio.alessandrelli@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Godot Engine", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6." "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Godot Engine" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/godotengine/godot/issues/20558", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/godotengine/godot/issues/20558" "lang": "eng",
}, "value": "Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6. contains a Signed/unsigned comparison, wrong buffer size chackes, integer overflow, missing padding initialization vulnerability in (De)Serialization functions (core/io/marshalls.cpp) that can result in DoS (packet of death), possible leak of uninitialized memory. This attack appear to be exploitable via A malformed packet is received over the network by a Godot application that uses built-in serialization (e.g. game server, or game client). Could be triggered by multiplayer opponent. This vulnerability appears to have been fixed in 2.1.5, 3.0.6, master branch after commit feaf03421dda0213382b51aff07bd5a96b29487b."
{ }
"name" : "https://godotengine.org/article/maintenance-release-godot-2-1-5", ]
"refsource" : "CONFIRM", },
"url" : "https://godotengine.org/article/maintenance-release-godot-2-1-5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://godotengine.org/article/maintenance-release-godot-3-0-6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://godotengine.org/article/maintenance-release-godot-3-0-6" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://godotengine.org/article/maintenance-release-godot-2-1-5",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-2-1-5"
},
{
"name": "https://github.com/godotengine/godot/issues/20558",
"refsource": "CONFIRM",
"url": "https://github.com/godotengine/godot/issues/20558"
},
{
"name": "https://godotengine.org/article/maintenance-release-godot-3-0-6",
"refsource": "CONFIRM",
"url": "https://godotengine.org/article/maintenance-release-godot-3-0-6"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000629.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T16:52:42.840600", "DATE_ASSIGNED": "2018-07-31T16:52:42.840600",
"DATE_REQUESTED" : "2018-07-27T00:00:00", "DATE_REQUESTED": "2018-07-27T00:00:00",
"ID" : "CVE-2018-1000629", "ID": "CVE-2018-1000629",
"REQUESTER" : "stmoore@us.ibm.com", "REQUESTER": "stmoore@us.ibm.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "V2I Hub", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.5.1" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Battelle" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147306", "description_data": [
"refsource" : "MISC", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147306" "lang": "eng",
} "value": "Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147306",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147306"
}
]
}
}

34
2018/12xxx/CVE-2018-12404.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12404", "ID": "CVE-2018-12404",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12639.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12639", "ID": "CVE-2018-12639",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12665.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12665", "ID": "CVE-2018-12665",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12738.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12738", "ID": "CVE-2018-12738",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/12xxx/CVE-2018-12841.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12841", "ID": "CVE-2018-12841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free "
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "105440", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105440" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Double Free "
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105440",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105440"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

130
2018/16xxx/CVE-2018-16019.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-16019", "ID": "CVE-2018-16019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "106162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106162" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/16xxx/CVE-2018-16247.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16247", "ID": "CVE-2018-16247",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16440.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16440", "ID": "CVE-2018-16440",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2018/16xxx/CVE-2018-16859.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psampaio@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-16859", "ID": "CVE-2018-16859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ansible", "product_name": "ansible",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.8 and older" "version_value": "2.8 and older"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat" "vendor_name": "Red Hat"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.2/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-532"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859" "lang": "eng",
}, "value": "Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user with administrator privileges on the machine can view these logs and discover the plaintext password. Ansible Engine 2.8 and older are believed to be vulnerable."
{ }
"name" : "https://github.com/ansible/ansible/pull/49142", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ansible/ansible/pull/49142" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2018:3770", {
"refsource" : "REDHAT", "vectorString": "4.2/CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"url" : "https://access.redhat.com/errata/RHSA-2018:3770" "version": "3.0"
}, }
{ ]
"name" : "RHSA-2018:3771", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3771" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3772", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3772" "lang": "eng",
}, "value": "CWE-532"
{ }
"name" : "RHSA-2018:3773", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3773" ]
}, },
{ "references": {
"name" : "106004", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106004" "name": "https://github.com/ansible/ansible/pull/49142",
} "refsource": "CONFIRM",
] "url": "https://github.com/ansible/ansible/pull/49142"
} },
} {
"name": "RHSA-2018:3770",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3770"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859"
},
{
"name": "RHSA-2018:3771",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3771"
},
{
"name": "106004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106004"
},
{
"name": "RHSA-2018:3773",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3773"
},
{
"name": "RHSA-2018:3772",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3772"
}
]
}
}

34
2018/16xxx/CVE-2018-16997.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16997", "ID": "CVE-2018-16997",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

67
2018/19xxx/CVE-2018-19276.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19276", "ID": "CVE-2018-19276",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body."
} }
] ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151553/OpenMRS-Platform-Insecure-Object-Deserialization.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46327",
"url": "https://www.exploit-db.com/exploits/46327/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N",
"version": "3.0"
}
} }
} }

130
2018/4xxx/CVE-2018-4083.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4083", "ID": "CVE-2018-4083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Touch Bar Support\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44007", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44007/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Touch Bar Support\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "https://support.apple.com/HT208465", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208465" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208465",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208465"
},
{
"name": "44007",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44007/"
}
]
}
}

150
2018/4xxx/CVE-2018-4139.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4139", "ID": "CVE-2018-4139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44561", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44561/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "https://support.apple.com/HT208692", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208692" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103582", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103582" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1040608", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040608" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name": "103582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103582"
},
{
"name": "44561",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44561/"
},
{
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}
}

34
2018/4xxx/CVE-2018-4639.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4639", "ID": "CVE-2018-4639",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4779.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4779", "ID": "CVE-2018-4779",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/4xxx/CVE-2018-4921.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4921", "ID": "CVE-2018-4921",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Connect 9.7 and earlier", "product_name": "Adobe Connect 9.7 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Connect 9.7 and earlier" "version_value": "Adobe Connect 9.7 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted SWF File Upload"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/connect/apsb18-06.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/connect/apsb18-06.html" "lang": "eng",
}, "value": "Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "103393", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103393" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040523", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040523" "lang": "eng",
} "value": "Unrestricted SWF File Upload"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1040523",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040523"
},
{
"name": "https://helpx.adobe.com/security/products/connect/apsb18-06.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/connect/apsb18-06.html"
},
{
"name": "103393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103393"
}
]
}
}