admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:21:27 +00:00
parent 8f9e4b54e9
commit a432487145
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4094 additions and 4094 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2003/0xxx/CVE-2003-0346.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0346", "ID": "CVE-2003-0346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105899759824008&w=2" "lang": "eng",
}, "value": "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow."
{ }
"name" : "MS03-030", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2003-18", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-18.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#561284", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/561284" ]
}, },
{ "references": {
"name" : "VU#265232", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/265232" "name": "oval:org.mitre.oval:def:218",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218"
"name" : "oval:org.mitre.oval:def:218", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218" "name": "VU#561284",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/561284"
"name" : "oval:org.mitre.oval:def:1095", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095" "name": "CA-2003-18",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2003-18.html"
"name" : "oval:org.mitre.oval:def:1104", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104" "name": "oval:org.mitre.oval:def:1104",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104"
} },
} {
"name": "VU#265232",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/265232"
},
{
"name": "oval:org.mitre.oval:def:1095",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095"
},
{
"name": "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105899759824008&w=2"
},
{
"name": "MS03-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030"
}
]
}
}

150
2003/0xxx/CVE-2003-0449.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0449", "ID": "CVE-2003-0449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105561134624665&w=2" "lang": "eng",
}, "value": "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent."
{ }
"name" : "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=105561189625082&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt", ]
"refsource" : "MISC", }
"url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105561134624665&w=2"
},
{
"name": "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt",
"refsource": "MISC",
"url": "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt"
},
{
"name": "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt",
"refsource": "MISC",
"url": "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt"
},
{
"name": "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105561189625082&w=2"
}
]
}
}

150
2003/0xxx/CVE-2003-0642.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0642", "ID": "CVE-2003-0642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030717 Bypassing ServerLock protection on Windows 2000", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2" "lang": "eng",
}, "value": "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory."
{ }
"name" : "8223", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8223" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9310", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9310" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "serverlock-physicalmemory-symlink(12666)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666" ]
} },
] "references": {
} "reference_data": [
} {
"name": "serverlock-physicalmemory-symlink(12666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666"
},
{
"name": "8223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8223"
},
{
"name": "20030717 Bypassing ServerLock protection on Windows 2000",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105848106631132&w=2"
},
{
"name": "9310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9310"
}
]
}
}

160
2003/1xxx/CVE-2003-1088.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1088", "ID": "CVE-2003-1088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter."
{ }
"name" : "8388", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8388" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1013365", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013365" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9497", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/9497" ]
}, },
{ "references": {
"name" : "zorum-index-xss(12867)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867" "name": "8388",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/8388"
} },
} {
"name": "9497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9497"
},
{
"name": "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106063199925536&w=2"
},
{
"name": "zorum-index-xss(12867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867"
},
{
"name": "1013365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013365"
}
]
}
}

160
2003/1xxx/CVE-2003-1166.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1166", "ID": "CVE-2003-1166",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.http-com.com/Default.asp?section=Features", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.http-com.com/Default.asp?section=Features" "lang": "eng",
}, "value": "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter."
{ }
"name" : "8948", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8948" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2780", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/2780" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10125", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/10125" ]
}, },
{ "references": {
"name" : "http-commander-directory-traversal(13622)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622" "name": "2780",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/2780"
} },
} {
"name": "8948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8948"
},
{
"name": "http://www.http-com.com/Default.asp?section=Features",
"refsource": "CONFIRM",
"url": "http://www.http-com.com/Default.asp?section=Features"
},
{
"name": "10125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10125"
},
{
"name": "http-commander-directory-traversal(13622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622"
}
]
}
}

160
2003/1xxx/CVE-2003-1356.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1356", "ID": "CVE-2003-1356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0301-237", "description_data": [
"refsource" : "HP", {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" "lang": "eng",
}, "value": "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors."
{ }
"name" : "SSRT3454", ]
"refsource" : "HP", },
"url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6640", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6640" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5758", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758" ]
}, },
{ "references": {
"name" : "hpux-sort-file-handling(11107)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107" "name": "hpux-sort-file-handling(11107)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107"
} },
} {
"name": "6640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6640"
},
{
"name": "SSRT3454",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html"
},
{
"name": "oval:org.mitre.oval:def:5758",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758"
},
{
"name": "HPSBUX0301-237",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html"
}
]
}
}

160
2003/1xxx/CVE-2003-1411.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1411", "ID": "CVE-2003-1411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030209 Cedric Email Reader (PHP)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/311173" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter."
{ }
"name" : "6820", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6820" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5900", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5900" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8024", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/8024" ]
}, },
{ "references": {
"name" : "cedric-email-file-include(11278)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278" "name": "6820",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6820"
} },
} {
"name": "5900",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5900"
},
{
"name": "8024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8024"
},
{
"name": "cedric-email-file-include(11278)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278"
},
{
"name": "20030209 Cedric Email Reader (PHP)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/311173"
}
]
}
}

140
2004/0xxx/CVE-2004-0125.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0125", "ID": "CVE-2004-0125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-04:12", "description_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc" "lang": "eng",
}, "value": "The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table."
{ }
"name" : "10485", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "freebsd-jailed-table-modify(16342)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16342" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "freebsd-jailed-table-modify(16342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16342"
},
{
"name": "10485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10485"
},
{
"name": "FreeBSD-SA-04:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc"
}
]
}
}

150
2004/0xxx/CVE-2004-0838.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0838", "ID": "CVE-2004-0838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "A091304-1", "description_data": [
"refsource" : "ATSTAKE", {
"url" : "http://www.atstake.com/research/advisories/2004/a091304-1.txt" "lang": "eng",
}, "value": "Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive."
{ }
"name" : "11162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12522", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12522" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jumpdrive-safeguard-obtain-password(17342)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17342" ]
} },
] "references": {
} "reference_data": [
} {
"name": "11162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11162"
},
{
"name": "12522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12522"
},
{
"name": "A091304-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2004/a091304-1.txt"
},
{
"name": "jumpdrive-safeguard-obtain-password(17342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17342"
}
]
}
}

170
2004/0xxx/CVE-2004-0970.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0970", "ID": "CVE-2004-0970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zataz.net/adviso/ncompress-09052005.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zataz.net/adviso/ncompress-09052005.txt" "lang": "eng",
}, "value": "The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367."
{ }
"name" : "DSA-588", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-588" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2004-0050", "description": [
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2004/0050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11288", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11288" ]
}, },
{ "references": {
"name" : "13131", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13131" "name": "script-temporary-file-overwrite(17583)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
"name" : "script-temporary-file-overwrite(17583)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" "name": "11288",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11288"
} },
} {
"name": "2004-0050",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "DSA-588",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-588"
},
{
"name": "13131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13131"
},
{
"name": "http://www.zataz.net/adviso/ncompress-09052005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/ncompress-09052005.txt"
}
]
}
}

140
2004/1xxx/CVE-2004-1704.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1704", "ID": "CVE-2004-1704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040730 WpQuiz Gain Admin Rightd Exploit found", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109122270013514&w=2" "lang": "eng",
}, "value": "WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory."
{ }
"name" : "8321", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/8321" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "wpquiz-extra-gain-access(16848)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16848" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "8321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8321"
},
{
"name": "20040730 WpQuiz Gain Admin Rightd Exploit found",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109122270013514&w=2"
},
{
"name": "wpquiz-extra-gain-access(16848)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16848"
}
]
}
}

160
2004/1xxx/CVE-2004-1764.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1764", "ID": "CVE-2004-1764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0401-308", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/advisories/6237" "lang": "eng",
}, "value": "Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors."
{ }
"name" : "VU#406406", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/406406" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "O-057", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-057.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5789", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5789" ]
}, },
{ "references": {
"name" : "hp-libdtsvc-bo(14828)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14828" "name": "O-057",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/o-057.shtml"
} },
} {
"name": "hp-libdtsvc-bo(14828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14828"
},
{
"name": "VU#406406",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/406406"
},
{
"name": "oval:org.mitre.oval:def:5789",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5789"
},
{
"name": "HPSBUX0401-308",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/6237"
}
]
}
}

140
2004/2xxx/CVE-2004-2179.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2179", "ID": "CVE-2004-2179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/378431" "lang": "eng",
}, "value": "asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values."
{ }
"name" : "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/378619" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11412", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11412" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20041015 Re: New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378619"
},
{
"name": "20041014 New Remote Microsoft JPEG DoS Vulnerability + Other Potential Security Vulnerabilitys in asycpict.dll 1.0 Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/378431"
},
{
"name": "11412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11412"
}
]
}
}

170
2004/2xxx/CVE-2004-2295.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2295", "ID": "CVE-2004-2295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/365865" "lang": "eng",
}, "value": "SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter."
{ }
"name" : "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10524", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10524" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "7000", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/7000" ]
}, },
{ "references": {
"name" : "11852", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11852" "name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0310.html"
"name" : "phpnuke-reviews-sql-injection(16407)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16407" "name": "7000",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/7000"
} },
} {
"name": "phpnuke-reviews-sql-injection(16407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16407"
},
{
"name": "11852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11852"
},
{
"name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/365865"
},
{
"name": "10524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10524"
}
]
}
}

170
2004/2xxx/CVE-2004-2521.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2521", "ID": "CVE-2004-2521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt" "lang": "eng",
}, "value": "Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP)."
{ }
"name" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0", ]
"refsource" : "CONFIRM", },
"url" : "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7925", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7925" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1010703", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1010703" ]
}, },
{ "references": {
"name" : "12071", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12071" "name": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt",
}, "refsource": "MISC",
{ "url": "http://members.lycos.co.uk/r34ct/main/Gattaca%20Server%202003.txt"
"name" : "gattaca-pop3-dos(16703)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703" "name": "gattaca-pop3-dos(16703)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16703"
} },
} {
"name": "12071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12071"
},
{
"name": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0",
"refsource": "CONFIRM",
"url": "http://www.gattaca-server.com/cgi-bin/yabb/YaBB.pl?board=gattaca_discussion;action=display;num=1091194176;start=0#0"
},
{
"name": "1010703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010703"
},
{
"name": "7925",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7925"
}
]
}
}

140
2008/2xxx/CVE-2008-2013.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2013", "ID": "CVE-2008-2013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5500", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5500" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action."
{ }
"name" : "28948", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28948" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pnflashgames-id-sql-injection(42019)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42019" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "28948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28948"
},
{
"name": "5500",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5500"
},
{
"name": "pnflashgames-id-sql-injection(42019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42019"
}
]
}
}

160
2008/2xxx/CVE-2008-2477.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2477", "ID": "CVE-2008-2477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5659", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5659" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter."
{ }
"name" : "29307", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29307" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1593", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1593/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30318", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30318" ]
}, },
{ "references": {
"name" : "mxsystem-index-sql-injection(42551)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42551" "name": "5659",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/5659"
} },
} {
"name": "ADV-2008-1593",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1593/references"
},
{
"name": "29307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29307"
},
{
"name": "mxsystem-index-sql-injection(42551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42551"
},
{
"name": "30318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30318"
}
]
}
}

660
2008/2xxx/CVE-2008-2803.json
View File

@ -1,332 +1,332 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-2803", "ID": "CVE-2008-2803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080708 rPSA-2008-0216-1 firefox", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded" "lang": "eng",
}, "value": "The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons."
{ }
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418356", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418356" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-2646", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2646" "name": "SUSE-SA:2008:034",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216" "name": "RHSA-2008:0549",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
"name" : "DSA-1607", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1607" "name": "DSA-1697",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1697"
"name" : "DSA-1615", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1615" "name": "31021",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31021"
"name" : "DSA-1621", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1621" "name": "30898",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30898"
"name" : "DSA-1697", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1697" "name": "31403",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31403"
"name" : "FEDORA-2008-6127", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html" "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
"name" : "FEDORA-2008-6193", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html" "name": "https://issues.rpath.com/browse/RPL-2646",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2646"
"name" : "FEDORA-2008-6196", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html" "name": "30949",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30949"
"name" : "FEDORA-2008-6706", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html" "name": "SSA:2008-191-03",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
"name" : "FEDORA-2008-6737", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html" "name": "ADV-2009-0977",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0977"
"name" : "GLSA-200808-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml" "name": "31069",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31069"
"name" : "MDVSA-2008:136", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=418356",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=418356"
"name" : "MDVSA-2008:155", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155" "name": "31008",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31008"
"name" : "RHSA-2008:0547", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html" "name": "31377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31377"
"name" : "RHSA-2008:0549", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html" "name": "RHSA-2008:0616",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
"name" : "RHSA-2008:0569", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html" "name": "ADV-2008-1993",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1993/references"
"name" : "RHSA-2008:0616", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html" "name": "31023",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31023"
"name" : "SSA:2008-191-03", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152" "name": "MDVSA-2008:155",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:155"
"name" : "SSA:2008-210-05", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484" "name": "30038",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30038"
"name" : "SSA:2008-191", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911" "name": "30915",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30915"
"name" : "256408", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1" "name": "DSA-1607",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1607"
"name" : "SUSE-SA:2008:034", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html" "name": "GLSA-200808-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
"name" : "USN-619-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-619-1" "name": "oval:org.mitre.oval:def:10747",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747"
"name" : "USN-629-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-629-1" "name": "31005",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31005"
"name" : "30038", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30038" "name": "33433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33433"
"name" : "oval:org.mitre.oval:def:10747", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10747" "name": "FEDORA-2008-6127",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
"name" : "34501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34501" "name": "1020419",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020419"
"name" : "31076", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31076" "name": "31253",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31253"
"name" : "ADV-2008-1993", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1993/references" "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
"name" : "1020419", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020419" "name": "FEDORA-2008-6737",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00125.html"
"name" : "30911", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30911" "name": "31183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31183"
"name" : "30915", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30915" "name": "30903",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30903"
"name" : "30878", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30878" "name": "RHSA-2008:0547",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
"name" : "30898", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30898" "name": "FEDORA-2008-6193",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
"name" : "30903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30903" "name": "USN-629-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-629-1"
"name" : "30949", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30949" "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-25.html"
"name" : "31005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31005" "name": "256408",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
"name" : "31008", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31008" "name": "SSA:2008-191",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
"name" : "31069", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31069" "name": "SSA:2008-210-05",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.410484"
"name" : "31023", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31023" "name": "DSA-1615",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1615"
"name" : "31183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31183" "name": "FEDORA-2008-6706",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00144.html"
"name" : "31195", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31195" "name": "31220",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31220"
"name" : "31220", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31220" "name": "31195",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31195"
"name" : "31253", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31253" "name": "31076",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31076"
"name" : "31377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31377" "name": "USN-619-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-619-1"
"name" : "31286", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31286" "name": "30911",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30911"
"name" : "31403", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31403" "name": "RHSA-2008:0569",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
"name" : "31021", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31021" "name": "30878",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30878"
"name" : "33433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33433" "name": "DSA-1621",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1621"
"name" : "ADV-2009-0977", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0977" "name": "20080708 rPSA-2008-0216-1 firefox",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
} },
} {
"name": "31286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31286"
},
{
"name": "FEDORA-2008-6196",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "MDVSA-2008:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
}
]
}
}

140
2008/6xxx/CVE-2008-6189.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6189", "ID": "CVE-2008-6189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105" "lang": "eng",
}, "value": "SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php."
{ }
"name" : "32217", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/32217" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "gforge-topusers-sql-injection(45802)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45802" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "32217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32217"
},
{
"name": "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105",
"refsource": "CONFIRM",
"url": "http://gforge.org/tracker/index.php?func=detail&aid=5552&group_id=1&atid=105"
},
{
"name": "gforge-topusers-sql-injection(45802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45802"
}
]
}
}

130
2008/6xxx/CVE-2008-6774.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6774", "ID": "CVE-2008-6774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "33272", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33272" "lang": "eng",
}, "value": "internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end execution when an invalid username is detected, which allows remote attackers to bypass intended restrictions and edit toolbar settings via an invalid username. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "yourplace-edit-security-bypass(47566)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "yourplace-edit-security-bypass(47566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47566"
},
{
"name": "33272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33272"
}
]
}
}

34
2012/1xxx/CVE-2012-1552.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1552", "ID": "CVE-2012-1552",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/1xxx/CVE-2012-1846.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1846", "ID": "CVE-2012-1846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pwn2own.zerodayinitiative.com/status.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pwn2own.zerodayinitiative.com/status.html" "lang": "eng",
}, "value": "Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated \"it really doesn't matter if it's third-party code.\""
{ }
"name" : "http://twitter.com/vupen/statuses/177576000761237505", ]
"refsource" : "MISC", },
"url" : "http://twitter.com/vupen/statuses/177576000761237505" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/", "description": [
"refsource" : "MISC", {
"url" : "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588", ]
"refsource" : "MISC", }
"url" : "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14940", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940" "name": "http://pwn2own.zerodayinitiative.com/status.html",
}, "refsource": "MISC",
{ "url": "http://pwn2own.zerodayinitiative.com/status.html"
"name" : "chrome-sandbox-security-bypass(74324)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74324" "name": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/",
} "refsource": "MISC",
] "url": "http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/"
} },
} {
"name": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588",
"refsource": "MISC",
"url": "http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588"
},
{
"name": "http://twitter.com/vupen/statuses/177576000761237505",
"refsource": "MISC",
"url": "http://twitter.com/vupen/statuses/177576000761237505"
},
{
"name": "oval:org.mitre.oval:def:14940",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14940"
},
{
"name": "chrome-sandbox-security-bypass(74324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74324"
}
]
}
}

150
2012/5xxx/CVE-2012-5260.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5260", "ID": "CVE-2012-5260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
{ }
"name" : "openSUSE-SU-2013:0370", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86037", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86037" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "adobe-cve20125260-bo(79081)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79081" ]
} },
] "references": {
} "reference_data": [
} {
"name": "openSUSE-SU-2013:0370",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
},
{
"name": "86037",
"refsource": "OSVDB",
"url": "http://osvdb.org/86037"
},
{
"name": "adobe-cve20125260-bo(79081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79081"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
}
]
}
}

160
2012/5xxx/CVE-2012-5483.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5483", "ID": "CVE-2012-5483",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=873447", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=873447" "lang": "eng",
}, "value": "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file."
{ }
"name" : "FEDORA-2012-19341", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:1556", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1556.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56888", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/56888" ]
}, },
{ "references": {
"name" : "keystone-secret-key-info-disc(80612)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612" "name": "56888",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/56888"
} },
} {
"name": "RHSA-2012:1556",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=873447",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447"
},
{
"name": "keystone-secret-key-info-disc(80612)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"
},
{
"name": "FEDORA-2012-19341",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
]
}
}

34
2012/5xxx/CVE-2012-5570.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5570", "ID": "CVE-2012-5570",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2012/5xxx/CVE-2012-5573.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5573", "ID": "CVE-2012-5573",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121126 Re: tor DoS via SENDME cells", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/11/26/11" "lang": "eng",
}, "value": "The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command."
{ }
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=444804", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=444804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880310", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880310" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16", ]
"refsource" : "CONFIRM", }
"url" : "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16" ]
}, },
{ "references": {
"name" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes" "name": "GLSA-201301-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201301-03.xml"
"name" : "https://trac.torproject.org/projects/tor/ticket/6252", },
"refsource" : "CONFIRM", {
"url" : "https://trac.torproject.org/projects/tor/ticket/6252" "name": "https://trac.torproject.org/projects/tor/ticket/6252",
}, "refsource": "CONFIRM",
{ "url": "https://trac.torproject.org/projects/tor/ticket/6252"
"name" : "GLSA-201301-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201301-03.xml" "name": "https://bugs.gentoo.org/show_bug.cgi?id=444804",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=444804"
"name" : "51329", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51329" "name": "51329",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51329"
"name" : "tor-sendme-dos(80289)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80289" "name": "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16",
} "refsource": "CONFIRM",
] "url": "https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16"
} },
} {
"name": "[oss-security] 20121126 Re: tor DoS via SENDME cells",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/26/11"
},
{
"name": "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes",
"refsource": "CONFIRM",
"url": "https://gitweb.torproject.org/tor.git/blob/release-0.2.3:/ReleaseNotes"
},
{
"name": "tor-sendme-dos(80289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80289"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880310",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880310"
}
]
}
}

140
2012/5xxx/CVE-2012-5678.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5678", "ID": "CVE-2012-5678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "openSUSE-SU-2013:0139", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:0368", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0368",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html"
},
{
"name": "openSUSE-SU-2013:0139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-27.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-27.html"
}
]
}
}

140
2012/5xxx/CVE-2012-5977.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5977", "ID": "CVE-2012-5977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-015", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-015" "lang": "eng",
}, "value": "Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache."
{ }
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-20175", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-20175" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2605", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2605" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-2605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2605"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20175",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20175"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-015",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-015"
}
]
}
}

120
2017/11xxx/CVE-2017-11240.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11240", "ID": "CVE-2017-11240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
} "value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
}
]
}
}

120
2017/11xxx/CVE-2017-11547.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11547", "ID": "CVE-2017-11547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Jul/83", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Jul/83" "lang": "eng",
} "value": "The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/83",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/83"
}
]
}
}

120
2017/11xxx/CVE-2017-11608.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11608", "ID": "CVE-2017-11608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1474276", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1474276" "lang": "eng",
} "value": "There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1474276",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1474276"
}
]
}
}

34
2017/11xxx/CVE-2017-11857.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11857", "ID": "CVE-2017-11857",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2017/15xxx/CVE-2017-15399.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2017-15399", "ID": "CVE-2017-15399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Google Chrome prior to 62.0.3202.89 unknown", "product_name": "Google Chrome prior to 62.0.3202.89 unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Google Chrome prior to 62.0.3202.89 unknown" "version_value": "Google Chrome prior to 62.0.3202.89 unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html" "lang": "eng",
}, "value": "A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
{ }
"name" : "https://crbug.com/776677", ]
"refsource" : "MISC", },
"url" : "https://crbug.com/776677" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4024", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4024" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "GLSA-201711-02", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201711-02" ]
}, },
{ "references": {
"name" : "RHSA-2017:3151", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3151" "name": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html",
}, "refsource": "MISC",
{ "url": "https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html"
"name" : "101692", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101692" "name": "101692",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/101692"
} },
} {
"name": "DSA-4024",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4024"
},
{
"name": "https://crbug.com/776677",
"refsource": "MISC",
"url": "https://crbug.com/776677"
},
{
"name": "GLSA-201711-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-02"
},
{
"name": "RHSA-2017:3151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3151"
}
]
}
}

120
2017/15xxx/CVE-2017-15947.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15947", "ID": "CVE-2017-15947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vulnerability-lab.com/get_content.php?id=2072", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.vulnerability-lab.com/get_content.php?id=2072" "lang": "eng",
} "value": "Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2072",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2072"
}
]
}
}

142
2017/3xxx/CVE-2017-3247.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3247", "ID": "CVE-2017-3247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GlassFish Server", "product_name": "GlassFish Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1.1" "version_value": "2.1.1"
}, },
{ {
"version_value" : "3.0.1" "version_value": "3.0.1"
}, },
{ {
"version_value" : "3.1.2" "version_value": "3.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)."
{ }
"name" : "95483", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95483" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95483"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

158
2017/3xxx/CVE-2017-3480.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3480", "ID": "CVE-2017-3480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Universal Banking", "product_name": "FLEXCUBE Universal Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.3.0" "version_value": "11.3.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.4.0" "version_value": "11.4.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.1" "version_value": "12.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0 and 12.0.1. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)."
{ }
"name" : "97832", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97832" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038304", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038304" "lang": "eng",
} "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97832"
}
]
}
}

34
2017/3xxx/CVE-2017-3701.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3701", "ID": "CVE-2017-3701",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/3xxx/CVE-2017-3819.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3819", "ID": "CVE-2017-3819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco StarOS", "product_name": "Cisco StarOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco StarOS" "version_value": "Cisco StarOS"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation Vulnerability CWE-264"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr" "lang": "eng",
}, "value": "A privilege escalation vulnerability in the Secure Shell (SSH) subsystem in the StarOS operating system for Cisco ASR 5000 Series, ASR 5500 Series, ASR 5700 Series devices, and Cisco Virtualized Packet Core could allow an authenticated, remote attacker to gain unrestricted, root shell access. The vulnerability is due to missing input validation of parameters passed during SSH or SFTP login. An attacker could exploit this vulnerability by providing crafted user input to the SSH or SFTP command-line interface (CLI) during SSH or SFTP login. An exploit could allow an authenticated attacker to gain root privileges access on the router. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered via both IPv4 and IPv6 traffic. An established TCP connection toward port 22, the SSH default port, is needed to perform the attack. The attacker must have valid credentials to login to the system via SSH or SFTP. The following products have been confirmed to be vulnerable: Cisco ASR 5000/5500/5700 Series devices running StarOS after 17.7.0 and prior to 18.7.4, 19.5, and 20.2.3 with SSH configured are vulnerable. Cisco Virtualized Packet Core - Single Instance (VPC-SI) and Distributed Instance (VPC-DI) devices running StarOS prior to N4.2.7 (19.3.v7) and N4.7 (20.2.v0) with SSH configured are vulnerable. Cisco Bug IDs: CSCva65853."
{ }
"name" : "96913", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96913" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038050", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038050" "lang": "eng",
} "value": "Privilege Escalation Vulnerability CWE-264"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96913"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-asr"
},
{
"name": "1038050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038050"
}
]
}
}

140
2017/3xxx/CVE-2017-3870.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3870", "ID": "CVE-2017-3870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Web Security Appliance", "product_name": "Cisco Web Security Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Web Security Appliance" "version_value": "Cisco Web Security Appliance"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "URL Filtering Bypass Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa" "lang": "eng",
}, "value": "A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA), both virtual and hardware appliances, that are configured with URL filters for email scanning. More Information: CSCvc69700. Known Affected Releases: 8.5.3-069 9.1.1-074 9.1.2-010."
{ }
"name" : "96907", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96907" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038043", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038043" "lang": "eng",
} "value": "URL Filtering Bypass Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa"
},
{
"name": "96907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96907"
},
{
"name": "1038043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038043"
}
]
}
}

140
2017/7xxx/CVE-2017-7210.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7210", "ID": "CVE-2017-7210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21157", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21157" "lang": "eng",
}, "value": "objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash."
{ }
"name" : "GLSA-201801-01", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201801-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96992", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96992" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96992"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21157"
},
{
"name": "GLSA-201801-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-01"
}
]
}
}

160
2017/7xxx/CVE-2017-7620.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7620", "ID": "CVE-2017-7620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42043", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42043/" "lang": "eng",
}, "value": "MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \\/ substring as introducing either a local pathname or a remote hostname, which leads to (1) arbitrary Permalink Injection via CSRF attacks on a permalink_page.php?url= URI and (2) an open redirect via a login_page.php?return= URI."
{ }
"name" : "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt", ]
"refsource" : "MISC", },
"url" : "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://mantisbt.org/bugs/view.php?id=22702", "description": [
"refsource" : "CONFIRM", {
"url" : "https://mantisbt.org/bugs/view.php?id=22702" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://mantisbt.org/bugs/view.php?id=22816", ]
"refsource" : "CONFIRM", }
"url" : "https://mantisbt.org/bugs/view.php?id=22816" ]
}, },
{ "references": {
"name" : "1038538", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038538" "name": "https://mantisbt.org/bugs/view.php?id=22816",
} "refsource": "CONFIRM",
] "url": "https://mantisbt.org/bugs/view.php?id=22816"
} },
} {
"name": "1038538",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038538"
},
{
"name": "42043",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42043/"
},
{
"name": "https://mantisbt.org/bugs/view.php?id=22702",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=22702"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt"
}
]
}
}

34
2017/8xxx/CVE-2017-8096.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8096", "ID": "CVE-2017-8096",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/8xxx/CVE-2017-8760.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8760", "ID": "CVE-2017-8760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb" "lang": "eng",
} "value": "An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypassed by using some modifications to the payloads, e.g., URL encoding."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb",
"refsource": "MISC",
"url": "https://gist.github.com/anonymous/32e2894fa29176f3f32cb2b2bb7c24cb"
}
]
}
}

34
2018/10xxx/CVE-2018-10378.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10378", "ID": "CVE-2018-10378",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/12xxx/CVE-2018-12014.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-12014", "ID": "CVE-2018-12014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in HLOS Data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin" "lang": "eng",
}, "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer."
{ }
"name" : "106496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106496" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Use After Free in HLOS Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2019/01/07/january-2019-code-aurora-security-bulletin"
},
{
"name": "106496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106496"
}
]
}
}

34
2018/12xxx/CVE-2018-12451.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12451", "ID": "CVE-2018-12451",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

202
2018/12xxx/CVE-2018-12466.json
View File

@ -1,103 +1,103 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@suse.de", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2018-07-24T00:00:00.000Z", "DATE_PUBLIC": "2018-07-24T00:00:00.000Z",
"ID" : "CVE-2018-12466", "ID": "CVE-2018-12466",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "openbuildservice allowed deleting packages via project links" "TITLE": "openbuildservice allowed deleting packages via project links"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "openbuildservice", "product_name": "openbuildservice",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "2.9.4" "version_value": "2.9.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "opensuse" "vendor_name": "opensuse"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Marcus Hüwe"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Marcus H\u00fcwe"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466", }
"refsource" : "CONFIRM", ],
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063" {
}, "lang": "eng",
{ "value": "openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links."
"name" : "104958", }
"refsource" : "BID", ]
"url" : "http://www.securityfocus.com/bid/104958" },
} "impact": {
] "cvss": {
}, "attackComplexity": "HIGH",
"source" : { "attackVector": "LOCAL",
"defect" : [ "availabilityImpact": "NONE",
"1098934" "baseScore": 4.4,
], "baseSeverity": "MEDIUM",
"discovery" : "EXTERNAL" "confidentialityImpact": "NONE",
} "integrityImpact": "HIGH",
} "privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104958"
},
{
"name": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/open-build-service/commit/f57b660f49f830006766a8d4abc3b4af6e178063"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2018-12466"
}
]
},
"source": {
"defect": [
"1098934"
],
"discovery": "EXTERNAL"
}
}

194
2018/12xxx/CVE-2018-12473.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@suse.de", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2018-09-26T00:00:00.000Z", "DATE_PUBLIC": "2018-09-26T00:00:00.000Z",
"ID" : "CVE-2018-12473", "ID": "CVE-2018-12473",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "path traversal in obs-service-tar_scm" "TITLE": "path traversal in obs-service-tar_scm"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Open Build Service", "product_name": "Open Build Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "70d1aa4cc4d7b940180553a63805c22fc62e2cf0" "version_value": "70d1aa4cc4d7b940180553a63805c22fc62e2cf0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "openSUSE" "vendor_name": "openSUSE"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Ludwig Nussel of SUSE"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 3.1,
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-23, path traversal"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Ludwig Nussel of SUSE"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361", }
"refsource" : "CONFIRM", ],
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://github.com/openSUSE/obs-service-tar_scm/pull/248", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://github.com/openSUSE/obs-service-tar_scm/pull/248" {
} "lang": "eng",
] "value": "A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0."
}, }
"source" : { ]
"advisory" : "https://bugzilla.suse.com/show_bug.cgi?id=1105361", },
"defect" : [ "impact": {
"https://bugzilla.suse.com/show_bug.cgi?id=1105361" "cvss": {
], "attackComplexity": "HIGH",
"discovery" : "INTERNAL" "attackVector": "NETWORK",
} "availabilityImpact": "NONE",
} "baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23, path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1105361",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1105361"
},
{
"name": "https://github.com/openSUSE/obs-service-tar_scm/pull/248",
"refsource": "CONFIRM",
"url": "https://github.com/openSUSE/obs-service-tar_scm/pull/248"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1105361",
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1105361"
],
"discovery": "INTERNAL"
}
}

120
2018/12xxx/CVE-2018-12989.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12989", "ID": "CVE-2018-12989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://computeco.de/2018-07-29_1.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://computeco.de/2018-07-29_1.html" "lang": "eng",
} "value": "The report-viewing feature in Pearson VUE Certiport Console 8 and IQSystem 7 before 2018-06-26 mishandles child processes and consequently launches Internet Explorer or Microsoft Edge as Administrator, which allows local users to gain privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://computeco.de/2018-07-29_1.html",
"refsource": "MISC",
"url": "https://computeco.de/2018-07-29_1.html"
}
]
}
}

130
2018/13xxx/CVE-2018-13506.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13506", "ID": "CVE-2018-13506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for SDR22, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SDR22"
}
]
}
}

34
2018/13xxx/CVE-2018-13936.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13936", "ID": "CVE-2018-13936",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/16xxx/CVE-2018-16655.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16655", "ID": "CVE-2018-16655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html" "lang": "eng",
}, "value": "Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php."
{ }
"name" : "https://lengjibo.github.io/gxlcms/", ]
"refsource" : "MISC", },
"url" : "https://lengjibo.github.io/gxlcms/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lengjibo.github.io/gxlcms/",
"refsource": "MISC",
"url": "https://lengjibo.github.io/gxlcms/"
},
{
"name": "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html",
"refsource": "MISC",
"url": "https://github.com/lengjibo/lengjibo.github.io/blob/master/gxlcms/index.html"
}
]
}
}

120
2018/16xxx/CVE-2018-16951.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16951", "ID": "CVE-2018-16951",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ysrc/xunfeng/issues/176", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ysrc/xunfeng/issues/176" "lang": "eng",
} "value": "xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ysrc/xunfeng/issues/176",
"refsource": "MISC",
"url": "https://github.com/ysrc/xunfeng/issues/176"
}
]
}
}

150
2018/17xxx/CVE-2018-17159.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secteam@freebsd.org", "ASSIGNER": "secteam@freebsd.org",
"ID" : "CVE-2018-17159", "ID": "CVE-2018-17159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FreeBSD", "product_name": "FreeBSD",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p5" "version_value": "FreeBSD 11.2 before 11.2-RELEASE-p5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "FreeBSD" "vendor_name": "FreeBSD"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Kernel improper bounds checking"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/", "description_data": [
"refsource" : "MISC", {
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/" "lang": "eng",
}, "value": "In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Unprivileged remote users with access to the NFS server can cause a resource exhaustion by forcing the server to allocate an arbitrarily large memory allocation."
{ }
"name" : "FreeBSD-SA-18:13", ]
"refsource" : "FREEBSD", },
"url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106192", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106192" "lang": "eng",
}, "value": "Kernel improper bounds checking"
{ }
"name" : "1042164", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1042164" ]
} },
] "references": {
} "reference_data": [
} {
"name": "106192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106192"
},
{
"name": "FreeBSD-SA-18:13",
"refsource": "FREEBSD",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:13.nfs.asc"
},
{
"name": "1042164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042164"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-24/"
}
]
}
}

130
2018/17xxx/CVE-2018-17173.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17173", "ID": "CVE-2018-17173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45448", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45448/" "lang": "eng",
}, "value": "LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail."
{ }
"name" : "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html", ]
"refsource" : "MISC", },
"url" : "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45448",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45448/"
},
{
"name": "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html",
"refsource": "MISC",
"url": "http://mamaquieroserpentester.blogspot.com/2018/09/lg-supersign-rce-to-luna-and-back-to.html"
}
]
}
}

130
2018/17xxx/CVE-2018-17635.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17635", "ID": "CVE-2018-17635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Reader", "product_name": "Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the desc property. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6471."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1177/"
}
]
}
}

130
2018/17xxx/CVE-2018-17696.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17696", "ID": "CVE-2018-17696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Reader", "product_name": "Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the dataObjects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7169."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1223/"
}
]
}
}

140
2018/17xxx/CVE-2018-17884.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17884", "ID": "CVE-2018-17884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf" "lang": "eng",
}, "value": "XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php"
{ }
"name" : "https://seclists.org/bugtraq/2018/Jul/74", ]
"refsource" : "MISC", },
"url" : "https://seclists.org/bugtraq/2018/Jul/74" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wordpress.org/plugins/gwolle-gb/#developers", "description": [
"refsource" : "MISC", {
"url" : "https://wordpress.org/plugins/gwolle-gb/#developers" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/bugtraq/2018/Jul/74",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2018/Jul/74"
},
{
"name": "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf",
"refsource": "MISC",
"url": "http://www.defensecode.com/advisories/DC-2018-05-008_WordPress_Gwolle_Guestbook_Plugin_Advisory.pdf"
},
{
"name": "https://wordpress.org/plugins/gwolle-gb/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/gwolle-gb/#developers"
}
]
}
}