admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:32:01 +00:00
parent 3195d5440f
commit a5d75bc6ac
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4116 additions and 4116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2003/1xxx/CVE-2003-1075.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1075", "ID": "CVE-2003-1075",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "50240", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50240-1" "lang": "eng",
}, "value": "Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients."
{ }
"name" : "6709", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6709" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1005996", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1005996" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "7968", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/7968/" ]
}, },
{ "references": {
"name" : "solaris-ftpd-dos(11186)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11186" "name": "solaris-ftpd-dos(11186)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11186"
} },
} {
"name": "1005996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005996"
},
{
"name": "6709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6709"
},
{
"name": "50240",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50240-1"
},
{
"name": "7968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7968/"
}
]
}
}

34
2004/0xxx/CVE-2004-0023.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0023", "ID": "CVE-2004-0023",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

230
2004/0xxx/CVE-2004-0419.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0419", "ID": "CVE-2004-0419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.xfree86.org/show_bug.cgi?id=1376", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.xfree86.org/show_bug.cgi?id=1376" "lang": "eng",
}, "value": "XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions."
{ }
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200407-05", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2004:073", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073" ]
}, },
{ "references": {
"name" : "20040526 008: SECURITY FIX: May 26, 2004", "reference_data": [
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata.html#xdm" "name": "12019",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12019"
"name" : "RHSA-2004:478", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-478.html" "name": "xdm-socket-gain-access(16264)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16264"
"name" : "P-001", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/p-001.shtml" "name": "http://bugs.xfree86.org/show_bug.cgi?id=1376",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.xfree86.org/show_bug.cgi?id=1376"
"name" : "10423", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10423" "name": "MDKSA-2004:073",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:073"
"name" : "oval:org.mitre.oval:def:10161", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10161" "name": "oval:org.mitre.oval:def:10161",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10161"
"name" : "1010306", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010306" "name": "GLSA-200407-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200407-05.xml"
"name" : "12019", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12019" "name": "P-001",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/p-001.shtml"
"name" : "xdm-socket-gain-access(16264)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16264" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124900"
} },
} {
"name": "10423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10423"
},
{
"name": "1010306",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010306"
},
{
"name": "20040526 008: SECURITY FIX: May 26, 2004",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#xdm"
},
{
"name": "RHSA-2004:478",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-478.html"
}
]
}
}

160
2004/0xxx/CVE-2004-0480.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0480", "ID": "CVE-2004-0480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040627 Lotus Notes URL argument injection vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108843896506099&w=2" "lang": "eng",
}, "value": "Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe."
{ }
"name" : "http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities", ]
"refsource" : "MISC", },
"url" : "http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "lotus-notes-xss(16496)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16496" ]
}, },
{ "references": {
"name" : "10600", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10600" "name": "http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510",
} "refsource": "CONFIRM",
] "url": "http://www-1.ibm.com/support/docview.wss?rs=475/context=SSKTWP&uid=swg21169510"
} },
} {
"name": "10600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10600"
},
{
"name": "20040627 Lotus Notes URL argument injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108843896506099&w=2"
},
{
"name": "lotus-notes-xss(16496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16496"
},
{
"name": "http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=111&type=vulnerabilities"
}
]
}
}

160
2004/0xxx/CVE-2004-0534.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0534", "ID": "CVE-2004-0534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document."
{ }
"name" : "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11209", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11209" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12587", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12587/" ]
}, },
{ "references": {
"name" : "webintelligence-input-document-xss(17419)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419" "name": "20040907 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
} "refsource": "FULLDISC",
] "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026550.html"
} },
} {
"name": "12587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12587/"
},
{
"name": "11209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11209"
},
{
"name": "20040917 Corsaire Security Advisory - Business Objects WebIntelligence XSS issue",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0057.html"
},
{
"name": "webintelligence-input-document-xss(17419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17419"
}
]
}
}

140
2004/1xxx/CVE-2004-1000.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1000", "ID": "CVE-2004-1000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-630", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-630" "lang": "eng",
}, "value": "lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack."
{ }
"name" : "13771", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/13771" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "lintian-symlink(18808)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "lintian-symlink(18808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18808"
},
{
"name": "13771",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13771"
},
{
"name": "DSA-630",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-630"
}
]
}
}

270
2004/1xxx/CVE-2004-1184.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1184", "ID": "CVE-2004-1184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060526 rPSA-2006-0083-1 enscript", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435199/100/0/threaded" "lang": "eng",
}, "value": "The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters."
{ }
"name" : "http://support.apple.com/kb/HT3549", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3549" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2009-05-12", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-654", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2005/dsa-654" ]
}, },
{ "references": {
"name" : "FLSA:152892", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/419768/100/0/threaded" "name": "oval:org.mitre.oval:def:9658",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658"
"name" : "GLSA-200502-03", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml" "name": "FLSA:152892",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/419768/100/0/threaded"
"name" : "MDKSA-2005:033", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:033" "name": "12329",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12329"
"name" : "RHSA-2005:040", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-040.html" "name": "http://support.apple.com/kb/HT3549",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3549"
"name" : "USN-68-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/68-1/" "name": "MDKSA-2005:033",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:033"
"name" : "TA09-133A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" "name": "USN-68-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/68-1/"
"name" : "12329", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12329" "name": "1012965",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1012965"
"name" : "oval:org.mitre.oval:def:9658", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9658" "name": "35074",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35074"
"name" : "1012965", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012965" "name": "DSA-654",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-654"
"name" : "35074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35074" "name": "APPLE-SA-2009-05-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
"name" : "ADV-2009-1297", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1297" "name": "20060526 rPSA-2006-0083-1 enscript",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435199/100/0/threaded"
"name" : "enscript-epsf-command-ececution(19012)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19012" "name": "TA09-133A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
} },
} {
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "RHSA-2005:040",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-040.html"
},
{
"name": "GLSA-200502-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml"
},
{
"name": "enscript-epsf-command-ececution(19012)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19012"
}
]
}
}

210
2004/1xxx/CVE-2004-1488.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1488", "ID": "CVE-2004-1488",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110269474112384&w=2" "lang": "eng",
}, "value": "wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2005:771", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-771.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2006:016", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2006_16_sr.html" ]
}, },
{ "references": {
"name" : "USN-145-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/145-1/" "name": "RHSA-2005:771",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"
"name" : "11871", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11871" "name": "11871",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11871"
"name" : "oval:org.mitre.oval:def:9750", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750" "name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"
"name" : "1012472", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012472" "name": "USN-145-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/145-1/"
"name" : "20960", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20960" "name": "SUSE-SR:2006:016",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
"name" : "wget-terminal-overwrite(18421)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421" "name": "wget-terminal-overwrite(18421)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18421"
} },
} {
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"
},
{
"name": "oval:org.mitre.oval:def:9750",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9750"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "1012472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012472"
}
]
}
}

140
2004/1xxx/CVE-2004-1799.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1799", "ID": "CVE-2004-1799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040105 firewall security bug?", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=107331321302113&w=2" "lang": "eng",
}, "value": "PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces."
{ }
"name" : "9362", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9362" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19105", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19105" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "19105",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19105"
},
{
"name": "20040105 firewall security bug?",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=107331321302113&w=2"
},
{
"name": "9362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9362"
}
]
}
}

140
2004/1xxx/CVE-2004-1880.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1880", "ID": "CVE-2004-1880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CLSA-2003:685", "description_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685" "lang": "eng",
}, "value": "Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption)."
{ }
"name" : "17000", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/17000" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9203", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9203" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2003:685",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685"
},
{
"name": "17000",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17000"
},
{
"name": "9203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9203"
}
]
}
}

170
2004/2xxx/CVE-2004-2092.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2092", "ID": "CVE-2004-2092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040209 [local problems] eTrust Virus Protection 6.0 InoculateIT for linux", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107635584431518&w=2" "lang": "eng",
}, "value": "eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information."
{ }
"name" : "http://www.excluded.org/advisories/advisory10.txt", ]
"refsource" : "MISC", },
"url" : "http://www.excluded.org/advisories/advisory10.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9616", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9616" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3896", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/3896" ]
}, },
{ "references": {
"name" : "10833", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10833" "name": "10833",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/10833"
"name" : "etrust-inoculateit-insecure-permissions(15103)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15103" "name": "http://www.excluded.org/advisories/advisory10.txt",
} "refsource": "MISC",
] "url": "http://www.excluded.org/advisories/advisory10.txt"
} },
} {
"name": "etrust-inoculateit-insecure-permissions(15103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15103"
},
{
"name": "20040209 [local problems] eTrust Virus Protection 6.0 InoculateIT for linux",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107635584431518&w=2"
},
{
"name": "3896",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3896"
},
{
"name": "9616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9616"
}
]
}
}

140
2004/2xxx/CVE-2004-2313.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2313", "ID": "CVE-2004-2313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040131 sqwebmail web login", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/352317" "lang": "eng",
}, "value": "Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks."
{ }
"name" : "9541", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9541" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sqwebmail-login-info-disclosure(15058)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15058" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20040131 sqwebmail web login",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/352317"
},
{
"name": "9541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9541"
},
{
"name": "sqwebmail-login-info-disclosure(15058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15058"
}
]
}
}

150
2004/2xxx/CVE-2004-2629.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2629", "ID": "CVE-2004-2629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.fvc.com/eng/docs/misc_docs/H.323_Security_Bulletin.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.fvc.com/eng/docs/misc_docs/H.323_Security_Bulletin.pdf" "lang": "eng",
}, "value": "Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol."
{ }
"name" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm", ]
"refsource" : "MISC", },
"url" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2004-01", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2004-01.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11192", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11192" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://support.fvc.com/eng/docs/misc_docs/H.323_Security_Bulletin.pdf",
"refsource": "CONFIRM",
"url": "http://support.fvc.com/eng/docs/misc_docs/H.323_Security_Bulletin.pdf"
},
{
"name": "11192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11192"
},
{
"name": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
},
{
"name": "CA-2004-01",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2004-01.html"
}
]
}
}

210
2004/2xxx/CVE-2004-2632.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2632", "ID": "CVE-2004-2632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040628 php codes injection in phpMyAdmin version 2.5.7.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html" "lang": "eng",
}, "value": "phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables."
{ }
"name" : "20040630 Re: php codes injection in phpMyAdmin version 2.5.7.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://eagle.kecapi.com/sec/fd/phpMyAdmin.html", "description": [
"refsource" : "MISC", {
"url" : "http://eagle.kecapi.com/sec/fd/phpMyAdmin.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1", ]
"refsource" : "CONFIRM", }
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1" ]
}, },
{ "references": {
"name" : "GLSA-200407-22", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml" "name": "20040630 Re: php codes injection in phpMyAdmin version 2.5.7.",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0473.html"
"name" : "10629", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10629" "name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1",
}, "refsource": "CONFIRM",
{ "url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-1"
"name" : "7315", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7315" "name": "11974",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11974"
"name" : "1010614", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2004/Jun/1010614.html" "name": "20040628 php codes injection in phpMyAdmin version 2.5.7.",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html"
"name" : "11974", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11974" "name": "7315",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/7315"
"name" : "phpmyadmin-code-manipulation(16555)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16555" "name": "10629",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10629"
} },
} {
"name": "1010614",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/Jun/1010614.html"
},
{
"name": "GLSA-200407-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200407-22.xml"
},
{
"name": "http://eagle.kecapi.com/sec/fd/phpMyAdmin.html",
"refsource": "MISC",
"url": "http://eagle.kecapi.com/sec/fd/phpMyAdmin.html"
},
{
"name": "phpmyadmin-code-manipulation(16555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16555"
}
]
}
}

170
2008/2xxx/CVE-2008-2061.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-2061", "ID": "CVE-2008-2061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml" "lang": "eng",
}, "value": "The Computer Telephony Integration (CTI) Manager service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3c) and 6.x before 6.1(2) allows remote attackers to cause a denial of service (TSP crash) via malformed network traffic to TCP port 2748."
{ }
"name" : "29933", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29933" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1933", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1933/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020360", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020360" ]
}, },
{ "references": {
"name" : "30848", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30848" "name": "29933",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29933"
"name" : "cucm-ctimanager-dos(43349)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349" "name": "cucm-ctimanager-dos(43349)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43349"
} },
} {
"name": "ADV-2008-1933",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1933/references"
},
{
"name": "30848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30848"
},
{
"name": "1020360",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020360"
},
{
"name": "20080625 Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809b9011.shtml"
}
]
}
}

190
2008/2xxx/CVE-2008-2288.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2288", "ID": "CVE-2008-2288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html" "lang": "eng",
}, "value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 has insufficient access control for deletion and modification of registry keys, which allows local users to cause a denial of service or obtain sensitive information."
{ }
"name" : "HPSBMA02369", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT080115", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29196", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/29196" ]
}, },
{ "references": {
"name" : "1020024", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020024" "name": "symantec-altiris-keys-data-manipulation(42441)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441"
"name" : "ADV-2008-1542", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1542/references" "name": "ADV-2008-1542",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1542/references"
"name" : "30261", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30261" "name": "SSRT080115",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
"name" : "symantec-altiris-keys-data-manipulation(42441)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42441" "name": "HPSBMA02369",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
} },
} {
"name": "29196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29196"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}

160
2008/2xxx/CVE-2008-2568.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2568", "ID": "CVE-2008-2568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5743", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5743" "lang": "eng",
}, "value": "SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php."
{ }
"name" : "5833", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5833" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29565", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29565" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30461", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30461" ]
}, },
{ "references": {
"name" : "simpleshopgalore-index-sql-injection(42871)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42871" "name": "30461",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30461"
} },
} {
"name": "29565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29565"
},
{
"name": "5743",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5743"
},
{
"name": "5833",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5833"
},
{
"name": "simpleshopgalore-index-sql-injection(42871)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42871"
}
]
}
}

140
2008/2xxx/CVE-2008-2685.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2685", "ID": "CVE-2008-2685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.davethewebguy.com/battleblog/article.asp?entry=24", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.davethewebguy.com/battleblog/article.asp?entry=24" "lang": "eng",
}, "value": "SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626."
{ }
"name" : "ADV-2008-1737", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2008/1737" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "battleblog-article-sql-injection(43018)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43018" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1737",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1737"
},
{
"name": "battleblog-article-sql-injection(43018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43018"
},
{
"name": "http://www.davethewebguy.com/battleblog/article.asp?entry=24",
"refsource": "CONFIRM",
"url": "http://www.davethewebguy.com/battleblog/article.asp?entry=24"
}
]
}
}

34
2008/2xxx/CVE-2008-2741.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2741", "ID": "CVE-2008-2741",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

210
2008/3xxx/CVE-2008-3460.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-3460", "ID": "CVE-2008-3460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the \"WPG Image File Heap Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080812 Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=737" "lang": "eng",
}, "value": "WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the \"WPG Image File Heap Corruption Vulnerability.\""
{ }
"name" : "HPSBST02360", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT080117", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS08-044", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044" ]
}, },
{ "references": {
"name" : "TA08-225A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" "name": "MS08-044",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-044"
"name" : "30600", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30600" "name": "TA08-225A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
"name" : "oval:org.mitre.oval:def:6019", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6019" "name": "HPSBST02360",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
"name" : "ADV-2008-2348", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2348" "name": "oval:org.mitre.oval:def:6019",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6019"
"name" : "1020673", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020673" "name": "20080812 Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=737"
"name" : "31336", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31336" "name": "1020673",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1020673"
} },
} {
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "30600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30600"
},
{
"name": "ADV-2008-2348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2348"
},
{
"name": "31336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31336"
}
]
}
}

34
2008/6xxx/CVE-2008-6432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-6432", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-6432",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6432. Reason: This candidate is a duplicate of CVE-2007-6432. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2007-6432 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6432. Reason: This candidate is a duplicate of CVE-2007-6432. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2007-6432 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2008/6xxx/CVE-2008-6468.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6468", "ID": "CVE-2008-6468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6502", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6502" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action."
{ }
"name" : "31276", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31276" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31276"
},
{
"name": "6502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6502"
}
]
}
}

140
2008/6xxx/CVE-2008-6522.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6522", "ID": "CVE-2008-6522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080401 Terracotta Personal Edition Multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/490341/100/0/threaded" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php."
{ }
"name" : "28550", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28550" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "terracotta-index-file-include(41572)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41572" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "28550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28550"
},
{
"name": "20080401 Terracotta Personal Edition Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490341/100/0/threaded"
},
{
"name": "terracotta-index-file-include(41572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41572"
}
]
}
}

160
2008/6xxx/CVE-2008-6732.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6732", "ID": "CVE-2008-6732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via \"newly generated paths.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via \"newly generated paths.\""
{ }
"name" : "29686", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29686" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "46322", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/46322" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30617", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30617" ]
}, },
{ "references": {
"name" : "dotnetnuke-lso-xss(43030)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43030" "name": "29686",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29686"
} },
} {
"name": "30617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30617"
},
{
"name": "dotnetnuke-lso-xss(43030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43030"
},
{
"name": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx",
"refsource": "CONFIRM",
"url": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno20/tabid/1167/Default.aspx"
},
{
"name": "46322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46322"
}
]
}
}

170
2008/6xxx/CVE-2008-6969.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6969", "ID": "CVE-2008-6969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/81/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/81/45/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters."
{ }
"name" : "http://www.avactis.com/forums/index.php?showtopic=3577", ]
"refsource" : "CONFIRM", },
"url" : "http://www.avactis.com/forums/index.php?showtopic=3577" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31054", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31054" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47946", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/47946" ]
}, },
{ "references": {
"name" : "31768", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31768" "name": "31768",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31768"
"name" : "avactis-checkout-xss(44929)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44929" "name": "http://www.avactis.com/forums/index.php?showtopic=3577",
} "refsource": "CONFIRM",
] "url": "http://www.avactis.com/forums/index.php?showtopic=3577"
} },
} {
"name": "avactis-checkout-xss(44929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44929"
},
{
"name": "47946",
"refsource": "OSVDB",
"url": "http://osvdb.org/47946"
},
{
"name": "http://holisticinfosec.org/content/view/81/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/81/45/"
},
{
"name": "31054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31054"
}
]
}
}

34
2012/5xxx/CVE-2012-5022.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5022", "ID": "CVE-2012-5022",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

230
2012/5xxx/CVE-2012-5276.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5276", "ID": "CVE-2012-5276",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-24.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5277, and CVE-2012-5280."
{ }
"name" : "RHSA-2012:1431", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1431.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2012:1485", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:1480", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0134", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html" "name": "openSUSE-SU-2013:0134",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00012.html"
"name" : "openSUSE-SU-2013:0367", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html" "name": "RHSA-2012:1431",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1431.html"
"name" : "1027730", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027730" "name": "51245",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51245"
"name" : "51245", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51245" "name": "1027730",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027730"
"name" : "51186", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51186" "name": "openSUSE-SU-2013:0367",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00030.html"
"name" : "51207", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51207" "name": "51186",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51186"
"name" : "51213", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51213" "name": "openSUSE-SU-2012:1480",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00005.html"
"name" : "adobe-cve20125276-bo(79847)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79847" "name": "adobe-cve20125276-bo(79847)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79847"
} },
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb12-24.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-24.html"
},
{
"name": "SUSE-SU-2012:1485",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00007.html"
},
{
"name": "51213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51213"
},
{
"name": "51207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51207"
}
]
}
}

34
2012/5xxx/CVE-2012-5663.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5663", "ID": "CVE-2012-5663",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/11xxx/CVE-2017-11039.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11039", "ID": "CVE-2017-11039",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2017/11xxx/CVE-2017-11156.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@synology.com", "ASSIGNER": "security@synology.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00", "DATE_PUBLIC": "2017-08-11T00:00:00",
"ID" : "CVE-2017-11156", "ID": "CVE-2017-11156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Synology Download Station", "product_name": "Synology Download Station",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984" "version_value": "3.8.x before 3.8.5-3475 and 3.x before 3.5-2984"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Synology" "vendor_name": "Synology"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Default Permissions (CWE-276)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station" "lang": "eng",
} "value": "Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Default Permissions (CWE-276)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_17_28_Download_Station"
}
]
}
}

140
2017/11xxx/CVE-2017-11624.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11624", "ID": "CVE-2017-11624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html" "lang": "eng",
}, "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
{ }
"name" : "https://github.com/qpdf/qpdf/issues/117", ]
"refsource" : "MISC", },
"url" : "https://github.com/qpdf/qpdf/issues/117" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3638-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3638-1/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "USN-3638-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3638-1/"
},
{
"name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html"
},
{
"name": "https://github.com/qpdf/qpdf/issues/117",
"refsource": "MISC",
"url": "https://github.com/qpdf/qpdf/issues/117"
}
]
}
}

120
2017/11xxx/CVE-2017-11646.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11646", "ID": "CVE-2017-11646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html" "lang": "eng",
} "value": "NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vulnerabilities within the device."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html",
"refsource": "MISC",
"url": "https://iscouncil.blogspot.com/2017/07/cross-site-request-forgery.html"
}
]
}
}

122
2017/14xxx/CVE-2017-14879.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-14879", "ID": "CVE-2017-14879",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Out-of-range Pointer Offset in IPA"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" "lang": "eng",
} "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Out-of-range Pointer Offset in IPA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}

34
2017/15xxx/CVE-2017-15485.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15485", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15485",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/15xxx/CVE-2017-15613.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15613", "ID": "CVE-2017-15613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" "lang": "eng",
}, "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file."
{ }
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", ]
"refsource" : "MISC", },
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}

130
2017/15xxx/CVE-2017-15636.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15636", "ID": "CVE-2017-15636",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" "lang": "eng",
}, "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file."
{ }
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", ]
"refsource" : "MISC", },
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}

120
2017/15xxx/CVE-2017-15761.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15761", "ID": "CVE-2017-15761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ecaa.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15761", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15761" "lang": "eng",
} "value": "IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a \"User Mode Write AV starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ecaa.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15761",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15761"
}
]
}
}

132
2017/15xxx/CVE-2017-15823.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2017-15823", "ID": "CVE-2017-15823",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93", "description_data": [
"refsource" : "MISC", {
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93" "lang": "eng",
}, "value": "In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-11, some values from firmware are not properly validated potentially leading to a buffer overflow."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Input Validation in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
}
]
}
}

166
2017/3xxx/CVE-2017-3423.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3423", "ID": "CVE-2017-3423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "One-to-One Fulfillment", "product_name": "One-to-One Fulfillment",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95569" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95569"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

34
2017/3xxx/CVE-2017-3690.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3690", "ID": "CVE-2017-3690",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/3xxx/CVE-2017-3992.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3992", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3992",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/8xxx/CVE-2017-8103.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8103", "ID": "CVE-2017-8103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Apr/53", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Apr/53" "lang": "eng",
}, "value": "In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event."
{ }
"name" : "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/", ]
"refsource" : "MISC", },
"url" : "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/53",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/53"
},
{
"name": "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/",
"refsource": "MISC",
"url": "https://blog.mybb.com/2017/04/04/mybb-1-8-11-merge-system-1-8-11-release/"
}
]
}
}

150
2017/8xxx/CVE-2017-8487.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8487", "ID": "CVE-2017-8487",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows", "product_name": "Microsoft Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2" "version_value": "Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka \"Windows olecnv32.dll Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42211", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42211/" "lang": "eng",
}, "value": "Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka \"Windows olecnv32.dll Remote Code Execution Vulnerability.\""
{ }
"name" : "https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003", ]
"refsource" : "CONFIRM", },
"url" : "https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99013", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99013" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1038702", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038702" ]
} },
] "references": {
} "reference_data": [
} {
"name": "42211",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42211/"
},
{
"name": "https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003",
"refsource": "CONFIRM",
"url": "https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003"
},
{
"name": "99013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99013"
},
{
"name": "1038702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038702"
}
]
}
}

142
2017/8xxx/CVE-2017-8566.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8566", "ID": "CVE-2017-8566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows 1607, 1703, and Windows Server 2016.", "product_name": "Microsoft Windows 1607, 1703, and Windows Server 2016.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows" "version_value": "Microsoft Windows"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka \"Windows IME Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566" "lang": "eng",
}, "value": "Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka \"Windows IME Elevation of Privilege Vulnerability\"."
{ }
"name" : "99404", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99404" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038853", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038853" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99404",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99404"
},
{
"name": "1038853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038853"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8566"
}
]
}
}

122
2018/12xxx/CVE-2018-12176.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00", "DATE_PUBLIC": "2018-09-11T00:00:00",
"ID" : "CVE-2018-12176", "ID": "CVE-2018-12176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) NUC Kits and Intel(R) Compute Cards", "product_name": "Intel(R) NUC Kits and Intel(R) Compute Cards",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Multiple Intel(R) NUC Kits and Intel(R) Compute Cards (see list in Intel advisory)." "version_value": "Multiple Intel(R) NUC Kits and Intel(R) Compute Cards (see list in Intel advisory)."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege, Denial of Service, Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html" "lang": "eng",
} "value": "Improper input validation in firmware for Intel NUC Kits may allow a privileged user to potentially execute arbitrary code resulting in information disclosure, escalation of privilege and/or denial of service via local access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege, Denial of Service, Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
}
]
}
}

306
2018/12xxx/CVE-2018-12405.json
View File

@ -1,155 +1,155 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-12405", "ID": "CVE-2018-12405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60.4" "version_value": "60.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60.4" "version_value": "60.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "64" "version_value": "64"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory safety bugs fixed in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" "lang": "eng",
}, "value": "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
{ }
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" "lang": "eng",
}, "value": "Memory safety bugs fixed in Firefox 64, Firefox ESR 60.4, and Thunderbird 60.4"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-30/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-30/" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-31/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-31/" "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/"
"name" : "DSA-4354", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4354" "name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
"name" : "DSA-4362", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2019/dsa-4362" "name": "RHSA-2018:3833",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3833"
"name" : "GLSA-201903-04", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201903-04" "name": "RHSA-2018:3831",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3831"
"name" : "RHSA-2018:3831", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3831" "name": "DSA-4362",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2019/dsa-4362"
"name" : "RHSA-2018:3833", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3833" "name": "GLSA-201903-04",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201903-04"
"name" : "RHSA-2019:0159", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0159" "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1494752%2C1498765%2C1503326%2C1505181%2C1500759%2C1504365%2C1506640%2C1503082%2C1502013%2C1510471"
"name" : "RHSA-2019:0160", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0160" "name": "USN-3844-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3844-1/"
"name" : "USN-3844-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3844-1/" "name": "106168",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/106168"
"name" : "USN-3868-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3868-1/" "name": "RHSA-2019:0159",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2019:0159"
"name" : "106168", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106168" "name": "https://www.mozilla.org/security/advisories/mfsa2018-31/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2018-31/"
} },
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2018-30/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-30/"
},
{
"name": "DSA-4354",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "RHSA-2019:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
]
}
}

150
2018/12xxx/CVE-2018-12538.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "emo@eclipse.org", "ASSIGNER": "security@eclipse.org",
"ID" : "CVE-2018-12538", "ID": "CVE-2018-12538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Eclipse Jetty", "product_name": "Eclipse Jetty",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "9.4.9" "version_value": "9.4.9"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "9.4.0" "version_value": "9.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "The Eclipse Foundation" "vendor_name": "The Eclipse Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018" "lang": "eng",
}, "value": "In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20181014-0001/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20181014-0001/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041194", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041194" "lang": "eng",
} "value": "CWE-6: J2EE Misconfiguration: Insufficient Session-ID Length"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041194",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041194"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536018"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181014-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
}
]
}
}

130
2018/12xxx/CVE-2018-12562.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12562", "ID": "CVE-2018-12562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2018/06/18/1", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2018/06/18/1" "lang": "eng",
}, "value": "An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string)."
{ }
"name" : "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3", ]
"refsource" : "MISC", },
"url" : "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3",
"refsource": "MISC",
"url": "https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3"
},
{
"name": "http://www.openwall.com/lists/oss-security/2018/06/18/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/06/18/1"
}
]
}
}

130
2018/13xxx/CVE-2018-13131.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13131", "ID": "CVE-2018-13131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md" "lang": "eng",
}, "value": "SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
{ }
"name" : "https://github.com/dwfault/AirTokens/tree/master/SpadePreSale", ]
"refsource" : "MISC", },
"url" : "https://github.com/dwfault/AirTokens/tree/master/SpadePreSale" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md"
},
{
"name": "https://github.com/dwfault/AirTokens/tree/master/SpadePreSale",
"refsource": "MISC",
"url": "https://github.com/dwfault/AirTokens/tree/master/SpadePreSale"
}
]
}
}

130
2018/13xxx/CVE-2018-13191.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13191", "ID": "CVE-2018-13191",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for Super Carbon Coin (SCC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SuperCarbonCoinToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

120
2018/13xxx/CVE-2018-13350.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13350", "ID": "CVE-2018-13350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the \"Event\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a" "lang": "eng",
} "value": "SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the \"Event\" parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/vulnerabilities-in-terramaster-tos-3-1-03-fb99cf88b86a"
}
]
}
}

130
2018/13xxx/CVE-2018-13682.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13682", "ID": "CVE-2018-13682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for ViteMoneyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ViteMoneyCoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ViteMoneyCoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ViteMoneyCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ViteMoneyCoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

190
2018/16xxx/CVE-2018-16540.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16540", "ID": "CVE-2018-16540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html" "lang": "eng",
}, "value": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact."
{ }
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e", ]
"refsource" : "MISC", },
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699661", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699661" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.artifex.com/news/ghostscript-security-resolved/", ]
"refsource" : "MISC", }
"url" : "https://www.artifex.com/news/ghostscript-security-resolved/" ]
}, },
{ "references": {
"name" : "DSA-4288", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4288" "name": "RHSA-2019:0229",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2019:0229"
"name" : "GLSA-201811-12", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-12" "name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e",
}, "refsource": "MISC",
{ "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c432131c3fdb2143e148e8ba88555f7f7a63b25e"
"name" : "RHSA-2019:0229", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0229" "name": "GLSA-201811-12",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201811-12"
"name" : "USN-3768-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3768-1/" "name": "https://bugs.ghostscript.com/show_bug.cgi?id=699661",
} "refsource": "MISC",
] "url": "https://bugs.ghostscript.com/show_bug.cgi?id=699661"
} },
} {
"name": "USN-3768-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3768-1/"
},
{
"name": "https://www.artifex.com/news/ghostscript-security-resolved/",
"refsource": "MISC",
"url": "https://www.artifex.com/news/ghostscript-security-resolved/"
},
{
"name": "DSA-4288",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4288"
},
{
"name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
}
]
}
}

180
2018/16xxx/CVE-2018-16847.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-16847", "ID": "CVE-2018-16847",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QEMU:", "product_name": "QEMU:",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations", "description_data": [
"refsource" : "MLIST", {
"url" : "https://www.openwall.com/lists/oss-security/2018/11/02/1" "lang": "eng",
}, "value": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
{ }
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html", ]
"refsource" : "MISC", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html" "impact": {
}, "cvss": [
{ [
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847", {
"refsource" : "CONFIRM", "vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847" "version": "3.0"
}, }
{ ]
"name" : "USN-3826-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3826-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105866", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105866" "lang": "eng",
} "value": "CWE-787"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
},
{
"name": "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "105866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105866"
}
]
}
}

130
2018/16xxx/CVE-2018-16870.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-16870", "ID": "CVE-2018-16870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "wolfssl", "product_name": "wolfssl",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 3.15.7" "version_value": "before 3.15.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cat.eyalro.net/", "description_data": [
"refsource" : "MISC", {
"url" : "http://cat.eyalro.net/" "lang": "eng",
}, "value": "It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data."
{ }
"name" : "https://github.com/wolfSSL/wolfssl/pull/1950", ]
"refsource" : "MISC", },
"url" : "https://github.com/wolfSSL/wolfssl/pull/1950" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wolfSSL/wolfssl/pull/1950",
"refsource": "MISC",
"url": "https://github.com/wolfSSL/wolfssl/pull/1950"
},
{
"name": "http://cat.eyalro.net/",
"refsource": "MISC",
"url": "http://cat.eyalro.net/"
}
]
}
}

140
2018/17xxx/CVE-2018-17831.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17831", "ID": "CVE-2018-17831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/redaxo/redaxo/issues/2043", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/redaxo/redaxo/issues/2043" "lang": "eng",
}, "value": "In REDAXO before 5.6.3, a critical SQL injection vulnerability has been discovered in the rex_list class because of the prepareQuery function in core/lib/list.php, via the index.php?page=users/users sort parameter. Endangered was the backend and the frontend only if rex_list were used."
{ }
"name" : "https://github.com/redaxo/redaxo/releases/tag/5.6.3", ]
"refsource" : "MISC", },
"url" : "https://github.com/redaxo/redaxo/releases/tag/5.6.3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/", "description": [
"refsource" : "MISC", {
"url" : "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/redaxo/redaxo/issues/2043",
"refsource": "MISC",
"url": "https://github.com/redaxo/redaxo/issues/2043"
},
{
"name": "https://github.com/redaxo/redaxo/releases/tag/5.6.3",
"refsource": "MISC",
"url": "https://github.com/redaxo/redaxo/releases/tag/5.6.3"
},
{
"name": "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/",
"refsource": "MISC",
"url": "https://redaxo.org/cms/news/sicherheitsluecke-und-neue-yform-version/"
}
]
}
}

150
2018/17xxx/CVE-2018-17925.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-09T00:00:00", "DATE_PUBLIC": "2018-10-09T00:00:00",
"ID" : "CVE-2018-17925", "ID": "CVE-2018-17925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iFix", "product_name": "iFix",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0 - 5.0" "version_value": "2.0 - 5.0"
}, },
{ {
"version_value" : "5.1" "version_value": "5.1"
}, },
{ {
"version_value" : "5.5" "version_value": "5.5"
}, },
{ {
"version_value" : "5.8" "version_value": "5.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GE" "vendor_name": "GE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unsafe ActiveX Control Marked Safe For Scripting CWE-623"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01" "lang": "eng",
}, "value": "Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed in the iFIX product, nor is the core functionality of the iFIX product known to be impacted."
{ }
"name" : "105540", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105540" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Unsafe ActiveX Control Marked Safe For Scripting CWE-623"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105540"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-01"
}
]
}
}

150
2018/17xxx/CVE-2018-17980.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17980", "ID": "CVE-2018-17980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45611", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45611/" "lang": "eng",
}, "value": "NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.)."
{ }
"name" : "http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt", ]
"refsource" : "MISC", },
"url" : "http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.nomachine.com/TR10P08887", ]
"refsource" : "CONFIRM", }
"url" : "https://www.nomachine.com/TR10P08887" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.nomachine.com/TR10P08887",
"refsource": "CONFIRM",
"url": "https://www.nomachine.com/TR10P08887"
},
{
"name": "45611",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45611/"
},
{
"name": "http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149784/NoMachine-5.3.26-Remote-Code-Execution.html"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt"
}
]
}
}

150
2018/4xxx/CVE-2018-4230.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4230", "ID": "CVE-2018-4230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44847", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44847/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that triggers a SetAppSupportBits use-after-free because of a race condition."
{ }
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1549", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1549" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208849", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208849" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1041027", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041027" ]
} },
] "references": {
} "reference_data": [
} {
"name": "44847",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44847/"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1549",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1549"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4728.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4728", "ID": "CVE-2018-4728",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }