admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:31:36 +00:00
parent 11882ff6d8
commit a23f10e7fc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3947 additions and 3893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2004/0xxx/CVE-2004-0229.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0229", "ID": "CVE-2004-0229",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CLA-2004:852", "description_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" "lang": "eng",
}, "value": "The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact."
{ }
"name" : "GLSA-200407-02", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2004:037", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SuSE-SA:2004:010", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" ]
}, },
{ "references": {
"name" : "10211", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10211" "name": "linux-framebuffer(15974)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15974"
"name" : "linux-framebuffer(15974)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15974" "name": "SuSE-SA:2004:010",
} "refsource": "SUSE",
] "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html"
} },
{
"name": "10211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10211"
},
{
"name": "MDKSA-2004:037",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037"
},
{
"name": "CLA-2004:852",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852"
},
{
"name": "GLSA-200407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
}
]
}
} }

188
2004/0xxx/CVE-2004-0537.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0537", "ID": "CVE-2004-0537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 7.50 and earlier allows remote web sites to provide a \"Shortcut Icon\" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040603 Phishing for Opera (GM#007-OP)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108627581717738&w=2" "lang": "eng",
}, "value": "Opera 7.50 and earlier allows remote web sites to provide a \"Shortcut Icon\" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces."
{ }
"name" : "20040603 Phishing for Opera (GM#007-OP)", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://security.greymagic.com/security/advisories/gm007-op/", "description": [
"refsource" : "MISC", {
"url" : "http://security.greymagic.com/security/advisories/gm007-op/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.opera.com/linux/changelogs/751/index.dml", ]
"refsource" : "CONFIRM", }
"url" : "http://www.opera.com/linux/changelogs/751/index.dml" ]
}, },
{ "references": {
"name" : "10452", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10452" "name": "10452",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10452"
"name" : "6590", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/6590" "name": "11762",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11762"
"name" : "11762", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11762" "name": "6590",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/6590"
"name" : "opera-favicon-spoofing(16307)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16307" "name": "http://www.opera.com/linux/changelogs/751/index.dml",
} "refsource": "CONFIRM",
] "url": "http://www.opera.com/linux/changelogs/751/index.dml"
} },
{
"name": "20040603 Phishing for Opera (GM#007-OP)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108627581717738&w=2"
},
{
"name": "opera-favicon-spoofing(16307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16307"
},
{
"name": "20040603 Phishing for Opera (GM#007-OP)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022263.html"
},
{
"name": "http://security.greymagic.com/security/advisories/gm007-op/",
"refsource": "MISC",
"url": "http://security.greymagic.com/security/advisories/gm007-op/"
}
]
}
} }

32
2004/0xxx/CVE-2004-0912.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0912", "ID": "CVE-2004-0912",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2004/0xxx/CVE-2004-0919.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0919", "ID": "CVE-2004-0919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-04:15", "description_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc" "lang": "eng",
}, "value": "The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates."
{ }
"name" : "VU#969078", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/969078" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11321", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11321" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12722", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12722" ]
}, },
{ "references": {
"name" : "syscons-consscrshot-info-disclosure(17584)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17584" "name": "12722",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/12722"
} },
{
"name": "FreeBSD-SA-04:15",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:15.syscons.asc"
},
{
"name": "VU#969078",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/969078"
},
{
"name": "11321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11321"
},
{
"name": "syscons-consscrshot-info-disclosure(17584)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17584"
}
]
}
} }

158
2004/1xxx/CVE-2004-1296.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1296", "ID": "CVE-2004-1296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041220 [USN-43-1] groff utility vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110358225615424&w=2" "lang": "eng",
}, "value": "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2006:038", ]
"refsource" : "MANDRIVA", }
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038" ]
}, },
{ "references": {
"name" : "groff-eqn2graph-pic2graph-symlink(18660)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660" "name": "20041220 [USN-43-1] groff utility vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=110358225615424&w=2"
} },
{
"name": "MDKSA-2006:038",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "groff-eqn2graph-pic2graph-symlink(18660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
}
]
}
} }

158
2004/1xxx/CVE-2004-1530.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1530", "ID": "CVE-2004-1530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110064626111756&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters."
{ }
"name" : "http://www.waraxe.us/index.php?modname=sa&id=38", ]
"refsource" : "MISC", },
"url" : "http://www.waraxe.us/index.php?modname=sa&id=38" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11693", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11693" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "13213", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/13213" ]
}, },
{ "references": {
"name" : "event-calendar-sql-injection(18104)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18104" "name": "11693",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11693"
} },
{
"name": "event-calendar-sql-injection(18104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18104"
},
{
"name": "20041116 [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110064626111756&w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa&id=38",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=38"
},
{
"name": "13213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13213"
}
]
}
} }

148
2004/1xxx/CVE-2004-1649.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1649", "ID": "CVE-2004-1649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040831 MSInfo Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109413415205017&w=2" "lang": "eng",
}, "value": "Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future."
{ }
"name" : "20040830 MSInfo Buffer Overflow", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025902.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040830 MSInfo Buffer Overflow", "description": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=109391133831787&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "msinfo-msinfofile-bo(17153)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17153" ]
} },
] "references": {
} "reference_data": [
{
"name": "msinfo-msinfofile-bo(17153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17153"
},
{
"name": "20040831 MSInfo Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109413415205017&w=2"
},
{
"name": "20040830 MSInfo Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=109391133831787&w=2"
},
{
"name": "20040830 MSInfo Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025902.html"
}
]
}
} }

198
2004/2xxx/CVE-2004-2319.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2319", "ID": "CVE-2004-2319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/351770" "lang": "eng",
}, "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit."
{ }
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21153336", ]
"refsource" : "CONFIRM", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21153336" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9511", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9511" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9512", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9512" ]
}, },
{ "references": {
"name" : "3758", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3758" "name": "3760",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/3760"
"name" : "3760", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3760" "name": "9511",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9511"
"name" : "10737", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10737/" "name": "informix-onshowaudit-information-disclosure(14969)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
"name" : "informix-onedcu-symlink-attack(14971)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971" "name": "9512",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9512"
"name" : "informix-onshowaudit-information-disclosure(14969)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969" "name": "informix-onedcu-symlink-attack(14971)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
} },
{
"name": "10737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10737/"
},
{
"name": "3758",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3758"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
},
{
"name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/351770"
}
]
}
} }

168
2008/2xxx/CVE-2008-2062.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-2062", "ID": "CVE-2008-2062",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml" "lang": "eng",
}, "value": "The Real-Time Information Server (RIS) Data Collector service in Cisco Unified Communications Manager (CUCM) before 4.2(3)SR4, and 4.3 before 4.3(2)SR1, allows remote attackers to bypass authentication, and obtain cluster configuration information and statistics, via a direct TCP connection to the service port, aka Bug ID CSCsq35151."
{ }
"name" : "29935", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29935" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1933", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1933/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020361", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020361" ]
}, },
{ "references": {
"name" : "30848", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30848" "name": "cucm-risdatacollector-info-disclosure(43355)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355"
"name" : "cucm-risdatacollector-info-disclosure(43355)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43355" "name": "ADV-2008-1933",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1933/references"
} },
{
"name": "30848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30848"
},
{
"name": "29935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29935"
},
{
"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"
},
{
"name": "1020361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020361"
}
]
}
} }

218
2008/2xxx/CVE-2008-2252.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-2252", "ID": "CVE-2008-2252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02379", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "lang": "eng",
}, "value": "The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka \"Windows Kernel Memory Corruption Vulnerability.\""
{ }
"name" : "SSRT080143", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-061", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-288A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" ]
}, },
{ "references": {
"name" : "31652", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31652" "name": "SSRT080143",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
"name" : "oval:org.mitre.oval:def:6045", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6045" "name": "32247",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32247"
"name" : "ADV-2008-2812", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2812" "name": "win-kernel-input-privilege-escalation(45543)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45543"
"name" : "1021046", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021046" "name": "MS08-061",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-061"
"name" : "32247", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32247" "name": "oval:org.mitre.oval:def:6045",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6045"
"name" : "win-kernel-input-privilege-escalation(45543)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45543" "name": "win-ms08kb954211-update(45544)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544"
"name" : "win-ms08kb954211-update(45544)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45544" "name": "HPSBST02379",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
} },
{
"name": "ADV-2008-2812",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2812"
},
{
"name": "1021046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021046"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "31652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31652"
}
]
}
} }

188
2008/2xxx/CVE-2008-2597.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2597", "ID": "CVE-2008-2597",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the TimesTen Client/Server component in Oracle Times Ten In-Memory Database 7.0.3.0.0 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2598 and CVE-2008-2599."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2115", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2115" ]
}, },
{ "references": {
"name" : "ADV-2008-2109", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2109/references" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
"name" : "1020493", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020493" "name": "ADV-2008-2115",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2115"
"name" : "31113", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31113" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name" : "31087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31087" "name": "HPSBMA02133",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
} },
{
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
},
{
"name": "1020493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020493"
}
]
}
} }

278
2008/2xxx/CVE-2008-2729.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2729", "ID": "CVE-2008-2729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff" "lang": "eng",
}, "value": "arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some AMD64 systems does not erase destination memory locations after an exception during kernel memory copy, which allows local users to obtain sensitive information."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=451271", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=451271" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1630", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1630" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2008:174", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174" ]
}, },
{ "references": {
"name" : "RHSA-2008:0508", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0508.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3022d734a54cbd2b65eea9a024564821101b4a9a;hp=f0f4c3432e5e1087b3a8c0e6bd4113d3c37497ff"
"name" : "RHSA-2008:0519", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0519.html" "name": "DSA-1630",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1630"
"name" : "RHSA-2008:0585", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" "name": "RHSA-2008:0519",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0519.html"
"name" : "USN-625-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-625-1" "name": "linux-kernel-destination-info-disclosure(43558)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43558"
"name" : "29943", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29943" "name": "oval:org.mitre.oval:def:11571",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571"
"name" : "oval:org.mitre.oval:def:11571", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11571" "name": "30849",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30849"
"name" : "1020364", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020364" "name": "1020364",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020364"
"name" : "30849", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30849" "name": "31551",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31551"
"name" : "30850", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30850" "name": "30850",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30850"
"name" : "31107", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31107" "name": "RHSA-2008:0585",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html"
"name" : "31628", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31628" "name": "MDVSA-2008:174",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:174"
"name" : "31551", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31551" "name": "31107",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31107"
"name" : "linux-kernel-destination-info-disclosure(43558)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43558" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=451271",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451271"
} },
{
"name": "29943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29943"
},
{
"name": "31628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31628"
},
{
"name": "USN-625-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-625-1"
},
{
"name": "RHSA-2008:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0508.html"
}
]
}
} }

158
2008/3xxx/CVE-2008-3192.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3192", "ID": "CVE-2008-3192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6057", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6057" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in jSite 1.0 OE allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter."
{ }
"name" : "30206", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30206" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31049", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31049" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3999", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3999" ]
}, },
{ "references": {
"name" : "jsite-module-file-include(43746)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43746" "name": "31049",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31049"
} },
{
"name": "6057",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6057"
},
{
"name": "3999",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3999"
},
{
"name": "30206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30206"
},
{
"name": "jsite-module-file-include(43746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43746"
}
]
}
} }

148
2008/3xxx/CVE-2008-3226.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3226", "ID": "CVE-2008-3226",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080712 CVE requests: joomla <1.5.4", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/07/12/2" "lang": "eng",
}, "value": "The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors."
{ }
"name" : "http://www.joomla.org/content/view/5180/1/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.joomla.org/content/view/5180/1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30125", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30125" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "joomla-filecaching-unauth-access(43650)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650" ]
} },
] "references": {
} "reference_data": [
{
"name": "[oss-security] 20080712 CVE requests: joomla <1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name": "30125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30125"
},
{
"name": "joomla-filecaching-unauth-access(43650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43650"
}
]
}
} }

238
2008/3xxx/CVE-2008-3522.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3522", "ID": "CVE-2008-3522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view" "lang": "eng",
}, "value": "Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=222819", ]
"refsource" : "MISC", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=222819" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200812-18", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200812-18.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2009:142", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142" ]
}, },
{ "references": {
"name" : "MDVSA-2009:144", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144" "name": "31470",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31470"
"name" : "MDVSA-2009:164", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164" "name": "MDVSA-2009:164",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:164"
"name" : "RHSA-2015:0698", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0698.html" "name": "MDVSA-2009:144",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:144"
"name" : "SSA:2015-302-02", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606" "name": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view",
}, "refsource": "MISC",
{ "url": "http://bugs.gentoo.org/attachment.cgi?id=163282&action=view"
"name" : "USN-742-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-742-1" "name": "34391",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34391"
"name" : "31470", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31470" "name": "MDVSA-2009:142",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:142"
"name" : "33173", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33173" "name": "http://bugs.gentoo.org/show_bug.cgi?id=222819",
}, "refsource": "MISC",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=222819"
"name" : "34391", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34391" "name": "USN-742-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-742-1"
"name" : "jasper-jasstreamprintf-bo(45623)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45623" "name": "jasper-jasstreamprintf-bo(45623)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45623"
} },
{
"name": "RHSA-2015:0698",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0698.html"
},
{
"name": "33173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33173"
},
{
"name": "GLSA-200812-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-18.xml"
},
{
"name": "SSA:2015-302-02",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.538606"
}
]
}
} }

148
2008/3xxx/CVE-2008-3566.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3566", "ID": "CVE-2008-3566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "30509", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30509" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31349", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31349" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "freeforum-acuparam-xss(44178)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44178" ]
} },
] "references": {
} "reference_data": [
{
"name": "31349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31349"
},
{
"name": "30509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30509"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/30509.html"
},
{
"name": "freeforum-acuparam-xss(44178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44178"
}
]
}
} }

408
2008/3xxx/CVE-2008-3657.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3657", "ID": "CVE-2008-3657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080831 rPSA-2008-0264-1 ruby", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495884/100/0/threaded" "lang": "eng",
}, "value": "The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check \"taintness\" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264", ]
"refsource" : "CONFIRM", }
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm" "name": "31430",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31430"
"name" : "http://support.apple.com/kb/HT3549", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3549" "name": "31697",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31697"
"name" : "APPLE-SA-2009-05-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" "name": "USN-651-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/651-1/"
"name" : "DSA-1651", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1651" "name": "http://support.apple.com/kb/HT3549",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3549"
"name" : "DSA-1652", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1652" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
"name" : "FEDORA-2008-8736", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html" "name": "DSA-1652",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1652"
"name" : "FEDORA-2008-8738", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html" "name": "FEDORA-2008-8736",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
"name" : "GLSA-200812-17", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200812-17.xml" "name": "oval:org.mitre.oval:def:9793",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793"
"name" : "RHSA-2008:0897", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0897.html" "name": "35074",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35074"
"name" : "USN-651-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/651-1/" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
"name" : "TA09-133A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" "name": "DSA-1651",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1651"
"name" : "30644", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30644" "name": "APPLE-SA-2009-05-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
"name" : "oval:org.mitre.oval:def:9793", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793" "name": "30644",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30644"
"name" : "35074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35074" "name": "RHSA-2008:0897",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
"name" : "ADV-2008-2334", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2334" "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
}, "refsource": "CONFIRM",
{ "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
"name" : "1020652", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020652" "name": "32219",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32219"
"name" : "31697", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31697" "name": "TA09-133A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
"name" : "32255", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32255" "name": "ruby-dl-security-bypass(44372)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372"
"name" : "32256", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32256" "name": "32255",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32255"
"name" : "33178", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33178" "name": "ADV-2009-1297",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1297"
"name" : "31430", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31430" "name": "20080831 rPSA-2008-0264-1 ruby",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
"name" : "32165", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32165" "name": "32371",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32371"
"name" : "32219", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32219" "name": "32165",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32165"
"name" : "32371", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32371" "name": "GLSA-200812-17",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
"name" : "ADV-2009-1297", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1297" "name": "33178",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33178"
"name" : "ruby-dl-security-bypass(44372)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44372" "name": "ADV-2008-2334",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2334"
} },
{
"name": "1020652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020652"
},
{
"name": "FEDORA-2008-8738",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
},
{
"name": "32256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32256"
}
]
}
} }

138
2008/6xxx/CVE-2008-6066.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6066", "ID": "CVE-2008-6066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/bid/30673/exploit", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/bid/30673/exploit" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "30673", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30673" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "meetweb-rootpath-file-include(44454)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44454" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/30673/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30673/exploit"
},
{
"name": "meetweb-rootpath-file-include(44454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44454"
},
{
"name": "30673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30673"
}
]
}
} }

138
2008/6xxx/CVE-2008-6157.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6157", "ID": "CVE-2008-6157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7613", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7613" "lang": "eng",
}, "value": "SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information."
{ }
"name" : "20090220 CVE-2008-6157 / Milw0rm 7613", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2009-February/002146.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "classifiedads-classifieds-info-disclosure(48822)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48822" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "7613",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7613"
},
{
"name": "classifiedads-classifieds-info-disclosure(48822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48822"
},
{
"name": "20090220 CVE-2008-6157 / Milw0rm 7613",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2009-February/002146.html"
}
]
}
} }

158
2008/6xxx/CVE-2008-6464.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6464", "ID": "CVE-2008-6464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6508", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6508" "lang": "eng",
}, "value": "SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "31278", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31278" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48499", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/48499" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31779", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31779" ]
}, },
{ "references": {
"name" : "ADV-2008-2648", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2648" "name": "48499",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/48499"
} },
{
"name": "ADV-2008-2648",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2648"
},
{
"name": "6508",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6508"
},
{
"name": "31278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31278"
},
{
"name": "31779",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31779"
}
]
}
} }

178
2008/6xxx/CVE-2008-6671.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6671", "ID": "CVE-2008-6671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/sunagex-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/sunagex-adv.txt" "lang": "eng",
}, "value": "Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted join packet to UDP port 27960."
{ }
"name" : "http://aluigi.org/poc/sunagex.zip", ]
"refsource" : "MISC", },
"url" : "http://aluigi.org/poc/sunagex.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29889", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29889" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46562", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/46562" ]
}, },
{ "references": {
"name" : "30823", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30823" "name": "ADV-2008-1903",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1903/references"
"name" : "ADV-2008-1903", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1903/references" "name": "sunage-unspecified-dos(43249)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249"
"name" : "sunage-unspecified-dos(43249)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" "name": "30823",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30823"
} },
{
"name": "29889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29889"
},
{
"name": "http://aluigi.org/poc/sunagex.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/sunagex.zip"
},
{
"name": "46562",
"refsource": "OSVDB",
"url": "http://osvdb.org/46562"
},
{
"name": "http://aluigi.altervista.org/adv/sunagex-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/sunagex-adv.txt"
}
]
}
} }

138
2008/7xxx/CVE-2008-7183.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7183", "ID": "CVE-2008-7183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php."
{ }
"name" : "29954", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29954" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "evacms-index-file-include(43437)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43437" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "29954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29954"
},
{
"name": "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0806-exploits/evacms-rfi.txt"
},
{
"name": "evacms-index-file-include(43437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43437"
}
]
}
} }

198
2012/5xxx/CVE-2012-5653.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5653", "ID": "CVE-2012-5653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/12/20/1" "lang": "eng",
}, "value": "The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated users to bypass the protection mechanism and execute arbitrary PHP code via a null byte in a file name."
{ }
"name" : "http://drupal.org/SA-CORE-2012-004", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/SA-CORE-2012-004" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a" ]
}, },
{ "references": {
"name" : "DSA-2776", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2776" "name": "88529",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/88529"
"name" : "MDVSA-2013:074", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074" "name": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a",
}, "refsource": "CONFIRM",
{ "url": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a"
"name" : "56993", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56993" "name": "MDVSA-2013:074",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
"name" : "88529", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/88529" "name": "http://drupal.org/SA-CORE-2012-004",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/SA-CORE-2012-004"
"name" : "drupal-fileupload-code-execution(80795)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80795" "name": "56993",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/56993"
} },
{
"name": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/drupal.git/commitdiff/b47f95d"
},
{
"name": "DSA-2776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2776"
},
{
"name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1"
},
{
"name": "drupal-fileupload-code-execution(80795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80795"
}
]
}
} }

168
2012/5xxx/CVE-2012-5701.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5701", "ID": "CVE-2012-5701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23124", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23124" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56624", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/56624" ]
}, },
{ "references": {
"name" : "87625", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87625" "name": "87625",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/87625"
"name" : "dotproject-searchstring-sql-injection(80223)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223" "name": "dotproject-searchstring-sql-injection(80223)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80223"
} },
{
"name": "https://www.htbridge.com/advisory/HTB23124",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23124"
},
{
"name": "56624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56624"
},
{
"name": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/118274/dotProject-2.1.6-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
}
]
}
} }

128
2013/2xxx/CVE-2013-2629.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2629", "ID": "CVE-2013-2629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2013/Dec/107" "lang": "eng",
}, "value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
{ }
"name" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt", ]
"refsource" : "MISC", },
"url" : "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
]
}
} }

138
2017/11xxx/CVE-2017-11283.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11283", "ID": "CVE-2017-11283",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.", "product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11." "version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Vulnerable 3rd Party Library"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html" "lang": "eng",
}, "value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11."
{ }
"name" : "100708", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100708" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039321", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039321" "lang": "eng",
} "value": "Vulnerable 3rd Party Library"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html"
},
{
"name": "1039321",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039321"
},
{
"name": "100708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100708"
}
]
}
} }

130
2017/11xxx/CVE-2017-11508.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00", "DATE_PUBLIC": "2017-11-01T00:00:00",
"ID" : "CVE-2017-11508", "ID": "CVE-2017-11508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SecurityCenter", "product_name": "SecurityCenter",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.5.0, 5.5.1 and 5.5.2" "version_value": "5.5.0, 5.5.1 and 5.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Tenable" "vendor_name": "Tenable"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/tns-2017-13", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2017-13" "lang": "eng",
}, "value": "SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a diagnostic scan within SecurityCenter. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access."
{ }
"name" : "1039804", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039804" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039804"
},
{
"name": "https://www.tenable.com/security/tns-2017-13",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-13"
}
]
}
} }

118
2017/11xxx/CVE-2017-11648.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11648", "ID": "CVE-2017-11648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html" "lang": "eng",
} "value": "Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html",
"refsource": "MISC",
"url": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery_31.html"
}
]
}
} }

32
2017/11xxx/CVE-2017-11690.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11690", "ID": "CVE-2017-11690",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/14xxx/CVE-2017-14159.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14159", "ID": "CVE-2017-14159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openldap.org/its/index.cgi?findid=8703", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openldap.org/its/index.cgi?findid=8703" "lang": "eng",
} "value": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openldap.org/its/index.cgi?findid=8703",
"refsource": "MISC",
"url": "http://www.openldap.org/its/index.cgi?findid=8703"
}
]
}
} }

118
2017/14xxx/CVE-2017-14301.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14301", "ID": "CVE-2017-14301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301" "lang": "eng",
} "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301"
}
]
}
} }

118
2017/14xxx/CVE-2017-14445.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-14445", "ID": "CVE-2017-14445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Insteon", "product_name": "Insteon",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Insteon Hub 2245-222 - Firmware version 1012" "version_value": "Insteon Hub 2245-222 - Firmware version 1012"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Insteon" "vendor_name": "Insteon"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494" "lang": "eng",
} "value": "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494"
}
]
}
} }

128
2017/14xxx/CVE-2017-14526.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14526", "ID": "CVE-2017-14526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Sep/58" "lang": "eng",
}, "value": "Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Administrator 7.2.0180.0055 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Documentum user hashes via a (1) crafted DTD, involving unspecified XML structures in a request to xda/com/documentum/ucf/server/transport/impl/GAIRConnector or crafted XML file in a MediaProfile file (2) import or (3) check in."
{ }
"name" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774", ]
"refsource" : "CONFIRM", },
"url" : "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170925 OpenText Documentum Administrator and Webtop - XML External Entity Injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/58"
},
{
"name": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774",
"refsource": "CONFIRM",
"url": "https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774"
}
]
}
} }

32
2017/14xxx/CVE-2017-14959.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14959", "ID": "CVE-2017-14959",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/15xxx/CVE-2017-15040.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15040", "ID": "CVE-2017-15040",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/15xxx/CVE-2017-15055.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15055", "ID": "CVE-2017-15055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.amossys.fr/teampass-multiple-cve-01.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.amossys.fr/teampass-multiple-cve-01.html" "lang": "eng",
}, "value": "TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, edit any item within a read-only directory, delete an arbitrary item, delete the file attachments of an arbitrary item, copy the password of an arbitrary item to the copy/paste buffer, access the history of an arbitrary item, and edit attributes of an arbitrary directory. To exploit the vulnerability, an authenticated attacker must tamper with the requests sent directly, for example by changing the \"item_id\" parameter when invoking \"copy_item\" on items.queries.php."
{ }
"name" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f", ]
"refsource" : "MISC", },
"url" : "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/5f16f6bb132138ee04eb1e0debf2bdc7d7b7a15f"
}
]
}
} }

168
2017/15xxx/CVE-2017-15116.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-15116", "ID": "CVE-2017-15116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel", "product_name": "Linux kernel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux kernel" "version_value": "Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "null pointer dereference"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", "description_data": [
"refsource" : "MISC", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" "lang": "eng",
}, "value": "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485815", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485815" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1514609", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1514609" "lang": "eng",
}, "value": "null pointer dereference"
{ }
"name" : "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6", ]
"refsource" : "MISC", }
"url" : "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6" ]
}, },
{ "references": {
"name" : "RHSA-2018:0676", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0676" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
"name" : "RHSA-2018:1062", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1062" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609",
} "refsource": "MISC",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
} },
{
"name": "RHSA-2018:1062",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1062"
},
{
"name": "RHSA-2018:0676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0676"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
},
{
"name": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
}
]
}
} }

148
2017/15xxx/CVE-2017-15195.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15195", "ID": "CVE-2017-15195",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/10/04/9", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/10/04/9" "lang": "eng",
}, "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user."
{ }
"name" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0", ]
"refsource" : "MISC", },
"url" : "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://kanboard.net/news/version-1.0.47", ]
"refsource" : "MISC", }
"url" : "https://kanboard.net/news/version-1.0.47" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/074f6c104f3e49401ef0065540338fc2d4be79f0"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/3e0f14ae2b0b5a44bd038a472f17eac75f538524"
}
]
}
} }

118
2017/15xxx/CVE-2017-15246.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15246", "ID": "CVE-2017-15246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246" "lang": "eng",
} "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a \"Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x000000000001515b.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15246"
}
]
}
} }

140
2017/8xxx/CVE-2017-8660.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00", "DATE_PUBLIC": "2017-09-12T00:00:00",
"ID" : "CVE-2017-8660", "ID": "CVE-2017-8660",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016." "version_value": "Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764."
{ }
"name" : "100757", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100757" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039342", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039342" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8660"
},
{
"name": "1039342",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039342"
},
{
"name": "100757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100757"
}
]
}
} }

130
2017/8xxx/CVE-2017-8963.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00", "DATE_PUBLIC": "2017-10-27T00:00:00",
"ID" : "CVE-2017-8963", "ID": "CVE-2017-8963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.3 E0504P2" "version_value": "7.3 E0504P2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Deserialization of Untrusted Data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" "lang": "eng",
}, "value": "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found."
{ }
"name" : "1039684", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039684" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us"
},
{
"name": "1039684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039684"
}
]
}
} }

118
2018/12xxx/CVE-2018-12046.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12046", "ID": "CVE-2018-12046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md" "lang": "eng",
} "value": "DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md",
"refsource": "MISC",
"url": "https://github.com/SukaraLin/php_code_audit_project/blob/master/dedecms/dedecms%20v5.7%20sp2%20%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md"
}
]
}
} }

118
2018/12xxx/CVE-2018-12051.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12051", "ID": "CVE-2018-12051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/unh3x/just4cve/issues/5", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/unh3x/just4cve/issues/5" "lang": "eng",
} "value": "Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/unh3x/just4cve/issues/5",
"refsource": "MISC",
"url": "https://github.com/unh3x/just4cve/issues/5"
}
]
}
} }

32
2018/12xxx/CVE-2018-12274.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12274", "ID": "CVE-2018-12274",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/12xxx/CVE-2018-12838.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12838", "ID": "CVE-2018-12838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack Overflow "
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a stack overflow vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105444", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105444" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Stack Overflow "
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105444"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
} }

118
2018/13xxx/CVE-2018-13071.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13071", "ID": "CVE-2018-13071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md" "lang": "eng",
} "value": "The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md",
"refsource": "MISC",
"url": "https://github.com/VenusADLab/EtherTokens/blob/master/CCindexToken/CCindexToken.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13172.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13172", "ID": "CVE-2018-13172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for bzxcoin (BZX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/bzxcoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13521.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13521", "ID": "CVE-2018-13521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for PinkyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/PinkyToken"
}
]
}
} }

128
2018/13xxx/CVE-2018-13687.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13687", "ID": "CVE-2018-13687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for normikaivo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/normikaivo"
}
]
}
} }

178
2018/16xxx/CVE-2018-16058.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16058", "ID": "CVE-2018-16058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" "lang": "eng",
}, "value": "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. This was addressed in epan/dissectors/packet-btavdtp.c by properly initializing a data structure."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884", ]
"refsource" : "MISC", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be", "description": [
"refsource" : "MISC", {
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-44.html", ]
"refsource" : "MISC", }
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-44.html" ]
}, },
{ "references": {
"name" : "DSA-4315", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4315" "name": "DSA-4315",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4315"
"name" : "105174", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105174" "name": "105174",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/105174"
"name" : "1041609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041609" "name": "1041609",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1041609"
} },
{
"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be",
"refsource": "MISC",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-44.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-44.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884"
}
]
}
} }

128
2018/16xxx/CVE-2018-16285.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16285", "ID": "CVE-2018-16285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html" "lang": "eng",
}, "value": "The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/9124", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/9124" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9124",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9124"
},
{
"name": "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html",
"refsource": "MISC",
"url": "https://risataim.blogspot.com/2018/09/xss-en-plugin-userpro-de-wordpress.html"
}
]
}
} }

32
2018/16xxx/CVE-2018-16714.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16714", "ID": "CVE-2018-16714",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/17xxx/CVE-2018-17568.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17568", "ID": "CVE-2018-17568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8" "lang": "eng",
}, "value": "utils/ut_rpc.c in ViaBTC Exchange Server before 2018-08-21 has an integer overflow leading to memory corruption."
{ }
"name" : "https://github.com/viabtc/viabtc_exchange_server/pull/131", ]
"refsource" : "MISC", },
"url" : "https://github.com/viabtc/viabtc_exchange_server/pull/131" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/viabtc/viabtc_exchange_server/pull/131",
"refsource": "MISC",
"url": "https://github.com/viabtc/viabtc_exchange_server/pull/131"
},
{
"name": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8",
"refsource": "MISC",
"url": "https://github.com/viabtc/viabtc_exchange_server/commit/4a7c27bfe98f409623d4d857894d017ff0672cc9#diff-0c23effa84a7b85053bac7981a8580c8"
}
]
}
} }

32
2018/4xxx/CVE-2018-4387.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4387", "ID": "CVE-2018-4387",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4443.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4443", "ID": "CVE-2018-4443",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4560.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4560", "ID": "CVE-2018-4560",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

58
2019/7xxx/CVE-2019-7422.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7422", "ID": "CVE-2019-7422",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/addMailSettings.jsp\" file in the gF parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
},
{
"url": "https://www.manageengine.com/products/netflow/?doc",
"refsource": "MISC",
"name": "https://www.manageengine.com/products/netflow/?doc"
},
{
"refsource": "FULLDISC",
"name": "20190206 [CVE-2019-7422, CVE-2019-7423, CVE-2019-7424, CVE-2019-7425, CVE-2019-7426, CVE-2019-7427] Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone",
"url": "http://seclists.org/fulldisclosure/2019/Feb/29"
} }
] ]
} }